TWiki System Requirements

Server and client requirements

Low client and server base requirements are core features that keep TWiki widely deployable, particularly across a range of browser platforms and versions. Many Plugins and contrib modules exist which enhance and expand TWiki's capabilities; they may have additional requirements.

Server Requirements

TWiki is written in Perl 5, uses a number of shell commands, and requires RCS (Revision Control System), a GNU Free Software package. TWiki is developed in a basic Linux/Apache environment. It also works with Microsoft Windows, and should have no problem on any other platform that meets the requirements.

5.7 or higher (including GNU diff) Optional, TWiki includes a pure perl implementation of RCS that can be used instead (although it's slower)

GNU diff

GNU diff 2.7 or higher is required when not using the all-Perl RcsLite. Install on PATH if not included with RCS (check version with diff -v) Must be the version used by RCS, to avoid problems with binary attachments - RCS may have hard-coded path to diff

Most of them will probably already be available in your installation. You can check version numbers with the configure script, or if you're still trying to get to that point, check from the command line like this:

perl -e 'use FileHandle; print $FileHandle::VERSION."\n"'

Client Requirements

CSS and Javascript are used in most skins, although there is a low-fat skin (Classic skin) available that minimises these requirements. Some skins will require more recent releases of browsers. The default skin (Pattern) is tested on IE 6, Safari, and Mozilla 5.0 based browsers (such as Firefox).

TWiki Installation Guide

The following is installation instructions for the TWiki 4.3 production release on an Apache web server on Linux. Visit TWiki:TWiki.InstallingTWiki for the latest updates to this guide and supplemental information for installing or upgrading TWiki, including notes on installing TWiki on different platforms, environments and web hosting sites.

If you are upgrading from a previous version of TWiki, you probably want to read TWikiUpgradeGuide instead.

Both this document and the TWikiUpgradeGuide are also available in the root of the distribution as HTML files.

Preparing to install TWiki

Before attempting to install TWiki, you are encouraged to review the TWiki:TWiki.AdminSkillsAssumptions. This guide assumes the person installing TWiki has, at a minimum, basic knowledge of server administration on the system on which TWiki is to be installed. While it is possible to install TWiki with FTP access alone (for example, on a hosted site), it is tricky and may require additional support from your hosting service (for example, in setting file ownership and installing missing perl CPAN libraries).

To help setup a correct Apache configuration, you are very much encouraged to use the automatic tool TWiki:TWiki.ApacheConfigGenerator which generates the contents for an Apache config file for TWiki based on your inputs.

While this installation guide specifically describes installation on an Apache web server on Linux, TWiki should be fine with any web server and OS that meet the system requirements (see below). For additional notes on installing TWiki on other systems, see TWiki:TWiki.InstallingTWiki#OtherPlatforms.

If you are installing TWiki without Unix/Linux root (administrator) priviledges (for example, on a hosted domain), see "Notes on Installing TWiki on Non-Root Account" below for supplemental instructions to the basic steps presented below.

If you are upgrading from an earlier major version of TWiki such as Cairo (TWiki 3) you will need the information found in TWiki:TWiki.TWikiUpgradeGuide. There is also a static HTML TWikiUpgradeGuide.html included in the root of your TWiki distribution.

Upgrading from a recent TWiki4 release is much simpler. Upgraders from earlier TWiki4 versions can follow the steps described in TWiki:TWiki.UpgradingTWiki04x00PatchReleases to ensure a safe upgrade without accidently overwriting customizations.

Warning! Do not just just run a chmod -R 770 twiki. The access rules have different meaning for files and directories. This is the most common mistake installers make.

The distribution tgz has the file and directory access rights setup to work with a reasonable security level that will work for all types of installations including shared hosting.

The ownership of the twiki directory tree is normally set to the user that unpacked the tgz and will have to be changed to the webserver user using the command chown -R user:group /path/to/twiki. The webserver username varies from Distributions. Examples for some major distributions:

If you mistakenly change the access rights in a way that makes TWiki stop working, simply run the script found at TWiki:TWiki.SettingFileAccessRightsLinuxUnix to set the access right of the entire TWiki tree back to the distributed defaults.

It is possible to define tighter access rules than the ones given by default after the installation is complete. But how tight they should be depends on your distribution and local needs. Typically you may want to limit all access from world if the webserver machine has login access for other users than root and the web server administrator. For a dedicated web server made just for running TWiki with limited login access the default access rights have a good safety level.

Check the Perl installation. Ensure that Perl 5 and the Perl CGI library are installed on your system.

The default location of Perl is /usr/bin/perl. If it's somewhere else, change the path to Perl in the first line of each script in the twiki/bin directory.

Some systems require a special extension on perl scripts (e.g. .cgi or .pl). This is normally only needed under Windows and only where perl scripts are only recognized by file extension. Linux and Unix users should normally never need to do this. If necessary, rename all files in twiki/bin (i.e. rename view to view.pl etc). If you do this, make sure you set the ScriptSuffix option in configure (Step 6).

Create the file LocalLib.cfg located as twiki/bin/LocalLib.cfg

There is a template for this file in twiki/bin/LocalLib.cfg.txt. Simply copy LocalLib .cfg.txt to LocalLib .cfg. Make sure the ownership and access rights of the copy are the same as LocalLib .cfg.txt

The file twiki/bin/LocalLib.cfg must contain a setting for $twikiLibPath, which must point to the absolute file path of your twiki/lib e.g. /var/www/twiki/lib.

If you need to install additional CPAN modules, but can't update the main Perl installation files on the server, you can set $CPANBASE to point to your personal CPAN install. Don't forget that the webserver user has to be able to read those files as well.

Choose best configuration method for your webserver. There are two ways to configure Apache: config file included from httpd.conf or .htaccess files

Apache config file: The recommended method is using a config file. With a config file you can put the entire TWiki configuration in ONE file (typically named twiki.conf). Performance is much better with a config file, and one file gives the best overview and ensures that you get a safe installation . However using a config file requires that you can restart Apache which again means that you need root or sudo access to stop and start Apache. The TWiki apache config file is included from the main Apache config file http.conf. Most distributions have a directory from which any file that ends with .conf gets included when you restart Apache (Example RedHat/Fedora/Centos: /etc/httpd/conf.d). If you use a virtual host setup in Apache you should include the twiki.conf file from inside the desired virtual host config in your Apache configuration.

.htaccess file: This should only be used when you cannot use a config file. Performance is slowed down because Apache has to look through all directories in search for possible .htaccess files each time someone views a page in TWiki. Normally this is the only way to control Apache in a shared host environment where you have no root or sudo priviledges.

Configure the webserver

Unless you are an Apache expert setting up the webserver can be quite difficult. But TWiki has three resources that make setting up Apache easier.

The best and easiest way is to use webpage TWiki:TWiki.ApacheConfigGenerator which contains a tool that can generate a safe and working config file for TWiki on Apache.

In the root of the twiki installation you find an example config file twiki_httpd_conf.txt

In the root of the twiki installation and in the twiki/bin directory you find example .htaccess files you can copy and modify. The files contains help text explaining how to set them up. In twiki/bin you find .htaccess.txt which can be copied to .htaccess and defined access to the CGI scripts. In the root of TWiki you find pub-htaccess.txt which you can copy to pub/.htaccess, subdir-htaccess.txt which you can copy to all directories as .htaccess except bin and pub, and you find root-htaccess.txt which you can copy to .htaccess in the twiki root directory. But again only use .htaccess files if you do not have root priviledges.

Note! When you use config files you need to restart Apache each time you change a setting to make the new setting active.

Protect the configure script

You should never leave the configure script open to the public. Limit access to the twiki/bin/configure script to either localhost, an IP address or a specific user using basic Apache authentication. The TWiki:TWiki.ApacheConfigGenerator lets you setup who has access to the configure script. Also the example twiki-httpd-conf.txt and bin/.htaccess.txt files includes the needed setting to protect the configure script.

If you limit the access to a particular user then you need to setup a .htpasswd file that contains the user name and password that Apache will authenticate against. Per default both TWiki:TWiki.ApacheConfigGenerator and the example config files and .htaccess files uses twiki/data/.htpasswd but this file does not exist until you have TWiki running and have registered the first user. You therefore have two options. Either limit the access to localhost or an IP address, or make a .htpasswd file. To make a .htpasswd file change directory to twiki/data and issue the command htpasswd -c .htpasswd username and enter your password when asked. The username must match the Require user username directive in the Apache config file or .htaccess file. Do not use a username you will later use to register in TWiki because TWiki will then claim that you are already registered.

Note! When you run configure for the first time, you can only edit the section General Path Settings. Save these settings, and then return to configure to continue configuration.

If your webserver can be accessed by more than one domain name make sure to add the additional alternative URLs to {PermittedRedirectHostUrls}

When you return to configure you now need to setup Mail and Proxies. Especially the {WebMasterEmail}, and {SMTP}{MAILHOST} must be defined to enable TWiki to send administrative emails, such as for registration and notification of topic changes. Many ISPs have introduced authentication when sending emails to fight spam so you may also have to set {SMTP}{Username} and {SMTP}{Password}. If you do not want to enable mailing or want to enable it later you can uncheck {EnableEmail}.

You now have a basic, unauthenticated installation running. At this point you can just point your Web browser at http://yourdomain.com/twiki/bin/view and start TWiki-ing away!

Important Server Security Settings

Before you continue any further there are some basic and very important security settings you have to make sure are set correctly.

As already described above you should protect the configure script from general access. The configure script is designed for use by administrators only and should be restricted to invocation by them only, by using the basic Apache authentication. Because of this there has not been put much effort into hardening the script. The configure script cannot save any settings once the password has been saved the first time, but the script could still be vulnerable to specially crafted field values and the script reveals many details about the webserver that you should not display in public.

You absolutely must turn off any kind of PHP, Perl, Python, Server Side Includes etc in the pub directory. TWiki has some built-in protection which renames files with dangerous filenames by appending .txt to the filename. But this is a secondary security measure. The essential action that you must take is to turn off any possible execution of any of the attached files. Most Linux distributions have a default Apache installation which has PHP and server side include (SSI) enabled.

Make sure that you deny access to all other twiki directories than the bin and pub directories. When you have access to the Apache config files the twiki_httpd_conf.txt file mentioned above also contains protection of these directories. For those that do not have access to the Apache config files a sample subdir-htaccess.txt file can be copied as .htaccess to the data, lib, locale, templates, tools and working directories.

The TWiki:TWiki.ApacheConfigGenerator as well as the example twiki_httpd_conf.txt and example htaccess.txt files include the needed settings that protect against all 3 security elements.

Next Steps

Once you have TWiki installed and running, you might consider the following optional steps for setting up and customizing your TWiki site. Many of the references below refer to topics within your TWiki installation. For example, TWiki.TWikiSkins refers to the TWikiSkins topic in your TWiki web. Easy way to jump directly to view the pages is to open your own TWiki in your browser and write TWiki.TWikiSkins in the Jump test box to the right in the top bar and hit Enter. You can find these topics in the on-line reference copy at the official TWiki website: TWiki Release 4.3

Enable Authentication of Users

This step provides for site access control and user activity tracking on your TWiki site. This is particularly important for sites that are publicly accessible on the web. This guide describes only the most common of several possible authentication setups for TWiki and is suitable for public web sites. For information about other setups, see TWikiUserAuthentication, and TWiki:TWiki.TWikiUserAuthenticationSupplement.

These are the steps for enabling "Template Login" which asks for a username and password in a web page, and processes them using the Apache 'htpasswd' password manager. Users can log in and log out.

Under the Security Settings pane of configure :

Select TWiki::LoginManager::TemplateLogin for {LoginManager}.

Select TWiki::Users::HtPasswdUser for {PasswordManager}.

Save your configure settings.

Register yourself using the TWikiRegistration topic. Check that the password manager recognizes the new user. Check that a new line with the username and encrypted password is added to the data/.htpasswd file. If not, you probably got a path wrong, or the permissions may not allow the webserver user to write to that file.

Edit a topic (by clicking on the Edit link at beginning or end of topic) to check if authentication works.

Note! The other LoginManager option TWiki::LoginManager::ApacheLogin uses a basic Apache type authentication where the browser itself prompts you for username and password. Most will find the TemplateLogin looking nicer. But ApacheLogin is required when you use Apache authentication methods like mod_ldap where all authentication is handled by an Apache module and not by the TWiki perl code. When you use ApacheLogin the apache configuration must be set up to require authentication of the some but not all the scripts in the bin directory. This section in the Apache config (or .htaccess) controls this

The TWiki:TWiki.ApacheConfigGenerator includes this section when you choose ApacheLogin. In the example twiki_httpd_conf.txt and bin/.htaccess.txt files this section is commented out with #. Uncomment the section when you use ApacheLogin. It is important that this section is commented out or removed when you use TemplateLogin.

Define the Administrator User(s)

Administrators have read and write access to any topic in TWiki, irrespectively of TWiki access controls. When you install TWiki one of the first things you will want to do is define yourself as an administrator. You become an administrator simply by adding yourself to the TWikiAdminGroup. It is the WikiName and not the login name you add to the group. Editing the Main.TWikiAdminGroup topic requires that you are an administrator. So to add the first administrator you need to login using the internal TWiki admin user login and the password you defined in configure.

Note that if you use ApacheLogin you have to be registered and logged in before you use the internal admin login

Set TWiki Preferences

Preferences for customizing many aspects of TWiki are set simply by editing a special topic with TWiki.

TWikiPreferences. Read through it and identify any additional settings or changes you think you might need. You can edit the settings in TWiki.TWikiPreferences but these will be overwritten when you later upgrade to a newer TWiki version. Instead copy any settings or variables that you want to customize from TWiki.TWikiPreferences and paste them into Main.TWikiPreferences. When you later upgrade TWiki simply avoid overwriting the data/Main/TWikiPreferences.txt file and all your settings will be kept. Settings in Main.TWikiPreferences overrides settings in both TWiki.TWikiPreferences and any settings defined in plugin topics. See notes at the top of TWiki.TWikiPreferences for more information.

Enable Email Notification

Each TWiki web has an automatic email notification service that sends you an email with links to all of the topics modified since the last alert. To enable this service:

Confirm the Mail and Proxies settings in the Configure interface.

Setup a cron job (or equivalent) to call the tools/mailnotify script as described in the MailerContrib topic.

Enable Signed Email Notification

TWiki administrative e-mails are an attractive target for SPAM generators and phishing attacks. One good way to protect against this possibility to enable S/MIME signatures on all administrative e-mails. To do this, you need an an X.509 certificate and private key for the the {WebMasterEmail} email account. Obtain these as you would for any other S/MIME e-mail user.

To enable TWiki to sign administrative e-mails:

Enable e-mail as described above

If necessary, convert your certificate and key files to PEM format ( openssl has all the necessary utilities)

Place the certificate anyplace convenient that the webserver can read. It should be protected against write. The conventional place under linux is /etc/pki/tls/certs

Place the key file in a secure location that only the webserver can read. It must not be readable by anyone else, and must not be served by the webserver.

Using the configure script, change the following settings under Mail and Proxies:

Follow the directions under {MailProgram} to enable an external mail program such as sendmail. Net::SMTP is not supported.

Enter the full path to the certificate file in the {SmimeCertificateFile} configuration variable

Enter the full path to the private key file in the {SmimeKeyFile} configuration variable

Save the configuration

Re-run the configure script an resolve any errors that it identifies

All out-going administrative e-mails will now be signed.

Enable WebStatistics

You can generate a listing manually, or on an automated schedule, of visits to individual pages, on a per web basis. For information on setting up this feature, see the TWikiSiteTools topic.

Automate removal of expired sessions and lease files

Per default TWiki cleans out expired session and lease files each time any topic is viewed. This however cost performance. It is an advantage to define a negative value in configure for {Sessions}{ExpireAfter} and install let cron run the tools/tick_twiki.pl script. Read The topic TWikiScripts#tick_twiki_pl for details how to do this.

Enable Localisation

TWiki now supports displaying of national (non-ascii) characters and presentation of basic interface elements in different languages. To enable these features, see the Localisation section of configure. For more information about these features, see TWiki:TWiki.InternationalizationSupplement.

Tailor New Users Home Topic

When a new users registers on your TWiki, a home topic is created for them based on the NewUserTemplate topic (and its UserForm). It contains additional resources you can use to:

Localize the user topic.

Add a default ALLOWTOPICCHANGE so only the user can edit their own home topic. We do not encourage this for Intranet sites as it sends a wrong signal to new users, but it can be necessary on a public TWiki to prevent spam.

Add and remove fields defined in the UserForm

If you choose to tailor anything you are strongly adviced to copy NewUserTemplate and UserForm to the Main web and tailor the Main web copies. TWiki will look for the NewUserTemplate in the Main web first and if it does not exist it uses the default from the TWiki web. By creating a Main.NewUserTemplate and its Main.UserForm you will not loose your tailorings next time you upgrade TWiki.

If you added or removed fields from the user form you may also need to tailor TWikiRegistration.

Install Plugins

TWiki:Plugins is an extensive library of Plugins for TWiki, that enhance functionality in a huge number of ways. A few plugins are pre-installed in the TWiki distribution. For more information on these, see InstalledPlugins.

You activate installed plugin in the Plugins section of configure. In this section you also find a Find More Extensions button which opens an application which can install additional plugins from the TWiki.org website. If you are behind a firewall or your server has no access to the Internet it is also possible to install plugins manually. Manual installation instructions for the plugins can be found in the plugin topics on TWiki.org. Additional documenation on TWiki plugins can be found at TWiki:TWiki.TWikiPluginsSupplement.

Some plugins require that you define their settings in configure. You fill find these under the Extensions section of configure.

Customize Your TWiki!

The real power of TWiki lies in it's flexibility to be customized to meet your needs. You can with small means change the looks of the default skin (called PatternSkin) by reading the PatternSkinCustomization.

At the official TWiki website you can find more resources. A good place to start for exploring what's possible is TWiki:TWiki.TWikiAdminCookBook which offers tips and tricks for customizing your TWiki site. Many of these are appropriate to implement immediately after installing TWiki and before adding content so now's a good time to look at these.

Customization of Special Pages

Some pages are meant to be customized after choice of authentication. If you do not use the internal TWiki password manager the topics that contains the features for changing and resetting passwords and changing the email address should be changed to a note describing how to perform these tasks in your organization. The topics are:

WYSIWYG vs Raw Edit

From TWiki release 4.2.0 on the WYSIWYG editor has been replaced by a much better and more powerful editor and it was decided that WYSIWYG would be the default edit mode. An Edit Raw link is available for those that have a need or preference for this mode.

However you may prefer to have the same user interface as in TWiki 4.1 where Edit was the raw text editor and you had a WYSIWYG button. You can modify the templates that define the buttons by following the description on TWiki:Codev.TWikiRawEditDefault04x02.

If your TWiki is used in a commercial application without public access you should replace this by your normal copyright notice. You should also consider adding classifications (e.g. For Internal Use Only) so people do not have to add this manually to every new topic.

If your TWiki is public with public access you need to decide which copyright and license the contributions should be covered by. For open source type applications licenses such as the GNU Free Documentation License, FreeBSD Documentation License, and Creative Commons license are possible licenses to consider. Remember that once people have started contributing it is difficult and not correct to change or impose licenses on existing contributions.

Appendices

TWiki System Requirements

Low client and server base requirements are core features that keep TWiki widely deployable, particularly across a range of browser platforms and versions.

Server Requirements

TWiki is written in Perl 5, uses a number of shell commands, and requires RCS (Revision Control System), a GNU Free Software package. TWiki is developed in a basic Linux/Apache environment. It also works with Microsoft Windows, and should have no problem on any other platform that meets the requirements.

5.8.4 or higher is recommended. TWiki will run in perl 5.6.1 but only with Wysiwyg editor disabled. Wysiwyg requires unicode support which is provided by perl 5.8.1 and forward.

RCS

5.7 or higher (including GNU diff) Optional, TWiki includes a pure perl implementation of RCS that can be used instead (although it's slower)

GNU diff

GNU diff 2.7 or higher is required when not using the all-Perl RcsLite . Install on PATH if not included with RCS (check version with diff -v) Must be the version used by RCS, to avoid problems with binary attachments - RCS may have hard-coded path to diff

Optional CPAN Modules

May be required by the Extensions Installer in configure if command line tar or unzip is not available

CGI::Cookie

>=1.24

Used for session support

CGI::Session

>=3.95

Highly recommended! Used for session support

Crypt::SMIME

>=0.09

Required if S/MIME-signed administrative e-mail is enabled.

Digest::base

Digest::SHA1

Jcode

Used for I18N support with perl 5.6

Locale::Maketext::Lexicon

>=0

Used for I18N support

Net::SMTP

>=2.29

Used for sending mail

Unicode::Map

Used for I18N support with perl 5.6

Unicode::Map8

Used for I18N support with perl 5.6

Unicode::MapUTF8

Used for I18N support with perl 5.6

Unicode::String

Used for I18N support with perl 5.6

URI

Used for configure

Most of them will probably already be available in your installation. You can check version numbers with the configure script, or if you're still trying to get to that point, check from the command line like this:

perl -e 'use FileHandle; print $FileHandle::VERSION."\n"'

Client Requirements

CSS and Javascript are used in most skins, although there is a low-fat skin (Classic skin) available that minimises these requirements. Some skins will require more recent releases of browsers. The default skin (Pattern) is tested on IE 6, Safari, and Mozilla 5.0 based browsers (such as Firefox).

Important note about TWiki Plugins

Note: Plugins included in the TWiki distribution do not add requirements, except for the CommentPlugin which requires Perl 5.6.1.

Notes on Installing TWiki on Non-Root Account

The following supplemental notes to the Basic Installation instructions apply to installing TWiki on a system where you don't have Unix/Linux root (administrator) privileges, for example, on a hosted Web account or an intranet server administered by someone else.

Step 2: If you cannot unpack the TWiki distribution directly in your installation directory, you can unpack the distribution on your local PC and then manually create the directory structure on your host server and upload the files as follows:

Using the table below, create a directory structure on your host server

Upload the TWiki files by FTP (transfer as text except for the image files in pub directory.)

Note: Don't worry if you are not able to put the twiki/lib directory at the same level as the twiki/bin directory (e.g. because CGI bin directories can't be under your home directory and you don't have root access). You can create this directory elsewhere and configure the twiki/bin/setlib.cfg file (done in Step 2).

Step 3: Files in the pub directory must be readable as a url. This means that directory permissions should be set to 755 (or 775 ) and file permissions should be set to 644 (or 664). If you can run a chmod command, you can accomplish this in two quick steps by running these commands from the root direct:

chmod -R 755 pub

chmod 644 `find pub -type f -print`

In addition, you should create a .htaccess file in the pub directory, using the template included in the root level of the distribution entitled pub-htaccess.txt.

Step 6: In order to run the configure script, create a file called .htaccess in the bin directory that includes the following single line: SetHandler cgi-script . This informs the server to treat all the perl scripts in the bin directory as scripts.

Installing Manually Without Configure

It is highly recommended to use run configure from the browser when setting up TWiki. Configure does a lot of the hard work for you.

But there may be instances where you do not want to use configure or where configure simply won't run because of a missing dependency.

The manual steps you have to take are:

Copy the file lib/TWiki.spec to lib/LocalSite.cfg

Remove the comment # in front of $TWiki::cfg{DefaultUrlHost}, $TWiki::cfg{ScriptUrlPath}, $TWiki::cfg{PubUrlPath}, $TWiki::cfg{PubDir}, $TWiki::cfg{TemplateDir}, $TWiki::cfg{DataDir}, $TWiki::cfg{LocalesDir}, and $TWiki::cfg{OS} and make sure these settings have the correct values.

Make sure to define at least these settings: $TWiki::cfg{LoginManager}, $TWiki::cfg{WebMasterEmail}, $TWiki::cfg{SMTP}{MAILHOST}, $TWiki::cfg{SMTP}{SENDERHOST}.

TWiki Upgrade Guide

This guide covers upgrading from a previous version of TWiki (such as Cairo or TWiki-4.0) to TWiki-4.3

Overview

TWiki-4.0.0 was a major new release. TWiki-4.1.x, TWiki-4.2.x, TWiki-4.3.x minor releases containing new features that can be seen by the end user, a large number of bug fixes. Use the TWikiInstallationGuide if you do not have data to carry forward.

Major Changes Compared to Earlier TWiki Releases

Upgrade Procedure

The following steps are a rough guide to upgrading only. It is impossible to give detailed instructions, as what you have to do may depend on whether you can configure the webserver or not, and how much you have changed distributed files in your current TWiki release.

The main steps are:

Install the new TWiki version, configure it, and get it to work similar to the old version

Install additional extensions (Plugins). Make sure to use the latest versions

Copy all the non-default webs from the old installation to the new

Copy the users from old installation to the new incl all their topics from Main

Apply tailorings to your Skin (logos, menu bars etc)

Apply preferences from old installation

After the extensions are installed (or upgraded) in step 2, take a "golden" backup. That will come in handy for your next patch or upgrade: By checking the differences between the golden copy and your production copy, you will be able to identify all the modifications that you have applied to the core or extensions.

Installation

Follow the installation instructions in INSTALL.html which you find in the root of the new installation. Install the new release in a new directory. Do not install on top of the old release.

If you are upgrading from a 4.x.x release, you can carry over the configure settings from the old release.

You need to run configure and save the configuration once when you upgrade as this will update the altered and added settings.

You can also choose to start with a fresh configuration and walk through all the settings using your old LocalSite.cfg as a reference. This way you will not have old obsolete settings in the new LocalSite.cfg.

If at any time during the installation you want to start over from fresh all you need to do is delete the lib/LocalSite.cfg file and re-run configure.

If you upgrade from an older TWiki your lib/TWiki.cfg from the old TWiki installation is a good resource for some of the settings you will need but you cannot reuse the old TWiki.cfg.

Make sure you have a working basic TWiki before you continue

Install Extensions

Note that not all extensions that worked in Cairo have been updated to work with TWiki-4.0. Many Cairo plugins work fine. Some do not. Many plugins have been upgraded to work with TWiki-4.0 and later.

From TWiki-4.1.0 the configure script which you ran during installation supports installation of additional plugins.

Manual installation is possible. Follow the instruction on the Plugin page at twiki.org.

Check the plugin topics from your old TWiki installation. There may be plugin settings that you want to transfer to the new TWiki installation. Hint: For an easier upgrade later on, set the plugin preferences settings in the Main.TWikiPreferences topic, not in the plugin topic. To identify the plugin, prefix the name of the setting with the capitalized name of the plugin. For example, to change the DEFAULT_TYPE setting of the CommentPlugin, create a COMMENTPLUGIN_DEFAULT_TYPE setting in Main.TWikiPreferences.

InterWikis - If you added your own rules you should save this topic and not overwrite it.

SlideShowPlugin - Make sure you did not change the embedded 'Default Slide Template' If you did you should save it. It is a bad idea to do. It is better to define your own slide show templates as separate topics that do not get overwritten when you upgrade.

SmiliesPlugin - Did you add your own smileys? No real changes were made to the smilies topic October 2005 so you can just leave this topic as it is.

To avoid having to re-apply plugin settings each time you upgrade a plugin or TWiki itself, define the altered plugin settings in Main.TWikiPreferences instead

Copy your old webs to new TWiki

When upgrading from Cairo or earlier it may be necessary to unlock the rcs files in data and pub directories from the old installation using the following shell commands:

find data -name '*,v' -exec rcs -u -M '{}' \;

find pub -name '*,v' -exec rcs -u -M '{}' \;

Copy your local webs over to the data and pub directories of the new install. Do not copy the default webs: TWiki, Main, Trash, Sandbox, _default, and _empty.

Make sure all data and pub files and directories are owned by the webserver user.

Note: TWiki's WebChanges topics depend on the file timestamp. If you touch the .txt files make sure to preserve the timestamp, or to change them in the sequence of old file timestamps.

Copy Users And Their Topics From Main Web

Copy all the topics from the Main web and corresponding pub/Main directories from the old TWiki to the new TWiki but do not overwrite any of the new topics already inside the new Main directory!

Manually merge all the users from the old Main.TWikiUsers topic to the new TWiki. If you upgrade from Cairo you can simply use the old file and add the missing new system users to the list of users. If you upgrade from TWiki-4.0.x simply use the old topic. Starting from 4.2.0 TWiki no longer ships with a Main.TWikiUsers topic. When you register the first user TWiki now checks for an existing Main.TWikiUsers and if it does not exist it gets created.

If you use data/.htpasswd for authentication copy this file from the old TWiki to the new.

If you upgrade from Cairo and you are using the Htpasswd login manager, then note that email addresses for users have moved out of user topics and into the password file. There is a script that performs this extra upgrade step for you - see tools/upgrade_emails.pl.

The old sandbox web may have a lot of useful topic and users may use it actively for drafts. Manually select the topics (remember the corresponding pub directories) from the old Sandbox web and copy them to the new TWiki. Decide if you want to overwrite the sandbox homepage and left menu bar or keep the new.

If you added or removed fields from the user topic form you may also have tailored TWiki.TWikiRegistration. Make sure you either reuse the registration topic from the old installation or apply the same field changes to the new TWiki.TWikiRegistration topic.

Starting from 4.2.0 TWiki ships with NewUserTemplate and UserForm in the TWiki web. If you choose to tailor anything you are strongly adviced to copy NewUserTemplate and UserForm to the Main web and tailor the Main web copies. TWiki will look for the NewUserTemplate in the Main web first and if it does not exist it uses the default from the TWiki web. By creating a Main.NewUserTemplate and its Main.UserForm you will not loose your tailorings next time you upgrade TWiki.

Make sure all data and pub files and directories are owned by the webserver user.

Apply Customizations To The Skin

Not many of the old Cairo skins work well with TWiki-4.0 and later.

Add Logos, update top bar and left bar as required.

Apply any desired changes to style sheets and templates. The default PatternSkin has been totally rewritten since Cairo and once more in 4.0.2. Since then changes to PatternSkin have been minor and you may be able to carry over most simpler tailorings directly from 4.0.2-4.0.5.

Apply Preferences From Old Installation

Transfer any customized and local settings from TWiki.TWikiPreferences to the topic pointed at by {LocalSitePreferences} (Main.TWikiPreferences). Per default this is Main.TWikiPreferences. This avoids having to write over files in the distribution on a later upgrade.

If you changed any of the topics in the original TWiki distribution, you will have to transfer your changes to the new install manually. There is no simple way to do this, though a suggestion is to use 'diff' to find changed files in the data/TWiki of the old and new TWiki installation, and transfer the changes into the new TWiki install. If you can run a GUI on your server, you may find that using a visual diff tool like WinMerge, meld, kdiff3, xxdiff, etc. is helpful.

Compare the WebPreferences topics in the old TWiki Installation with the default from the new TWiki installation and add any new Preferences that may be relevant.

Compare the WebLeftBar topics in the old TWiki Installation with the default from the new TWiki installation and add any new feature that you desire.

Customization of Special Pages

Some pages in the TWiki web are meant to be customized after choice of authentication. If you do not use the internal TWiki password manager the topics that contains the features for changing and resetting passwords and changing the email address should be changed to a note describing how to perform these tasks in your organization. If you have made such customizations remember to replace these topics in the TWiki web with the tailored versions from your old installation. The topics are:

TWiki.ChangePassword

TWiki.ResetPassword

TWiki.ChangeEmailAddress

Upgrading from Cairo to TWiki-4 (additional advice)

Favicon

TWiki-4's PatternSkin introduces the use of the favicon feature which most browsers use to show a small icon in front of the URL and for bookmarks.

In TWiki-4 it is assumed that each web has a favicon.ico file attached to the WebPreferences topic. When you upgrade from Cairo to TWiki-4 you do not have this file and you will get flooded with errors the error log of your web server. There are two solutions to this.

Attach a favicon.ico file to WebPreferences in each web.

Preferred: Change the setting of the location of favicon.ico in TWikiPreferences so all webs use the favicon.ico from the TWiki web. This is the fastest and easiest solution.

To change the location of favicon.ico in TWikiPreferences to the TWiki web add this line to TWikiPreferences

* Set FAVICON = %PUBURLPATH%/%SYSTEMWEB%/%WEBPREFSTOPIC%/favicon.ico

TWikiUsers topic in Main web

Your Cairo Main.TWikiUsers topic will work in TWiki-4 but you will need to ensure that these 4 users from the default TWiki-4 version of TWikiUsers are copied to the existing TWikiUsers topic. TWikiGuest is probably already there but the others are new

TWikiContributor - placeholder for a TWiki developer, and is used in TWiki documentation

TWikiGuest - guest user, used as a fallback if the user can't be identified

TWikiRegistrationAgent - special user used during the new user registration process

UnknownUser - used where the author of a previously stored piece of data can't be determined

You additionally need to ensure that TWikiUsers has the Set ALLOWTOPICCHANGE = TWikiAdminGroup, TWikiRegistrationAgent. Otherwise people will not be able to register.

Important Changes since 4.0.5

Supported Perl version

TWiki 4.0.5 worked on Perl version 5.6.X. Reports from users has shown that unfortunately TWiki 4.1.0 does not support Perl versions older then 5.8.0. It is the goal that TWiki should work on at least Perl version 5.6.X but none of the developers have had access to Perl installations older than 5.8.0.

Since TWiki 4.1.0 has some urgent bugs the development team decided to release TWiki 4.1.1 without resolving the issue with Perl 5.6.X. We will however address this and try and resolve it for a planned 4.1.2 release. The TWiki community is very interested in contributions from users that have fixes for the code which will enable TWiki to run on older versions of Perl.

Template spec changed

Until TWiki 4.0.5 TWikiTemplates the text inside template definition blocks (anything between %TMPL:DEF{"block"}% and %TMPL:END% was stripped of leading and trailing white space incl new lines.

This caused a lot of problems for skin developers when you wanted a newline before or after the block text.

From TWiki 4.1.0 this has changed so that white space is no longer stripped. Skins like PatternSkin and NatSkin have been updated so that they work with the new behavior. But if you use an older skin or have written your own you will most likely need to make some adjustments.

It is not difficult. The general rule is - if you get mysterious blank lines in your skin, the newline after the %TMPL:DEF{"block"}% needs to be removed. Ie. the content of the block must follow on the same line as the TMPL:DEF.

The spec change have the same impact on CommentPlugin templates where you may have to remove the first line break after the TMPL:DEF. See the CommentPluginTemplate for examples of how comment template definitions should look like in TWiki-4.1.X

An example: A CommentPlugin template that adds a comment as appending a row to a table. Before the spec change this would work.

The advantage of the spec change is that now you can add leading and trailing white space including new lines. This was not possible before.

Important Changes since 4.1.0

New location for session and other temporary files

An upgrader upgrading to 4.1.1 should note the following important change

The directory for passthrough files and session files have been replaced by a common directory for temporary files used by TWiki. Previously the two configure settings {PassthroughDir} and {Sessions}{Dir} were by default set to /tmp. These config settings have been replaced by {TempfileDir} with the default setting value /tmp/twiki. If the twiki directory does not exist twiki will create it first time it needs it.

It is highly recommended no longer to use the tmp directory common to other web applications and the new default will work fine for most. You may want to delete all the old session files in /tmp after the upgrade to 4.1.1. They all start with cgisess_. It is additionally highly recommended to limit write access to the {TempfileDir} for security reasons if you have non-admin users with login access to the webserver just like you would do with the other webserver directories.

Important Changes since 4.1.2

New WYSIWYG Editor

TWiki now ships with a new WYSIWYG editor based on TinyMCE replaces the Kupu based editor. TinyMCE is not a perfect Wysiwyg editor but it is magnitudes better than the Kupu editor

The WysiwygPlugin that drives the engine behind both TinyMCE has additionally been heavily improved so that less TWiki Applications are negatively affected by editing WYSIWYG

When TinyMCEPlugin is enabled the Edit button per default becomes WYSIWYG editing mode. A new Raw Edit link has been added to enable application developers to edit the good old way

The WYSIWYG button has been removed.

NEWTOPICLINKSYMBOL removed

The NEWTOPICLINKSYMBOL preference which was deprecated in 4.1 has now been removed from the code. If you want to control the appearance of new links, you can use NEWLINKFORMAT.

UserForm and NewUserTemplate Customization

When a new user registers on TWiki his user topic is created based on the NewUserTemplate and UserForm.

The NewUserTemplate was located in the TWiki web and the UserForm in the Main web. When upgrading TWiki these were some of the topics you had to take care not to overwrite.

From 4.2.0 the UserForm and NewUserTemplate are distributed in the TWiki web. If you create the two in the Main web the Main web version will be used instead. So if you tailor the user topic format or the form then you should always copy the two files to the Main web and modify the ones in the Main web. When you later upgrade TWiki your tailored template and form will not be overwritten.

TWikiUsers no longer distributed

The Main.TWikiUsers topic contains all the registered users. It is a topic you do not want to overwrite when you upgrade TWiki.

From 4.2.0 this file is no longer included in the TWiki distribution. When you register the first time TWiki creates the Main.TWikiUsers topic in the Main web if it does not exist already. This means that you can now upgrade TWiki without risk of overwriting the important TWikiUsers topic.

For new installers this makes no difference at all

For upgraders this is one less problem to worry about as your important Main.TWikiUsers topic now no longer gets overwritten when upgrading.

New working directory

A new directory working which per default is located in the twiki root, has been introduced which contains:

registration_approvals - with 4.2.0 it is moved to here from the data directory.

tmp - so we now avoid having to fight with special access rights and /tmp directory that gets cleaned out when booting.

work_areas - with 4.2.0 it is moved to here from the pub directory. Configure automatically moved the directory when you upgrade.

Note: Remember to restrict access to this new directory when you upgrade.

The configuration setting {WorkingDir} defines the container directory for temporary files, extensions' work areas, and intermediate registration data. The default is working under your installation root.

Take care for that change if you run your own routine to delete obsolete session files, which will now be found under working/tmp/cgisess*.

New Internal Admin Login

TWiki 4.2 introduces a new Internal Admin Login feature which uses "admin" (configurable) as username and the password used for configure to become temporary administrator. When you do a new installation you need to use this feature as Main.TWikiAdminGroup is now access restricted by default to avoid security attacks during the hours an installation may take. From configure there is a link to the TWikiAdminGroup topic and on TWikiAdminGroup the step by step instructions are written in a yellow box. Our advice is not to remove this help text in case you need it later.

TWiki User Authentication

TWiki site access control and user activity tracking options

Overview

Authentication, or "login", is the process by which a user lets TWiki know who they are.

Authentication isn't just to do with access control. TWiki uses authentication to identify users, so it can keep track of who made changes, and manage a wide range of personal settings. With authentication enabled, users can personalise TWiki and contribute as recognised individuals, instead of shadows.

TWiki authentication is very flexible, and can either stand alone or integrate with existing authentication schemes. You can set up TWiki to require authentication for every access, or only for changes. Authentication is also essential for access control.

Quick Authentication Test - Use the %USERINFO% variable to return your current identity:

TWiki user authentication is split into four sections; password management, user mapping, user registration, and login management. Password management deals with how users personal data is stored. Registration deals with how new users are added to the wiki. Login management deals with how users log in.

Once a user is logged on, they can be remembered using a Client Session stored in a cookie in the browser (or by other less elegant means if the user has disabled cookies). This avoids them having to log on again and again.

TWiki user authentication is configured through the Security Settings pane in the configure interface.

Please note FileAttachments are not protected by TWiki User Authentication.

Password Management

As shipped, TWiki supports the Apache 'htpasswd' password manager. This manager supports the use of .htpasswd files on the server. These files can be unique to TWiki, or can be shared with other applications (such as an Apache webserver). A variety of password encodings are supported for flexibility when re-using existing files. See the descriptive comments in the Security Settings section of the configure interface for more details.

You can easily plug in alternate password management modules to support interfaces to other third-party authentication databases.

User Mapping

Often when you are using an external authentication method, you want to map from an unfriendly "login name" to a more friendly WikiName. Also, an external authentication database may well have user information you want to import to TWiki, such as user groups.

By default, TWiki supports mapping of usernames to wikinames, and supports TWiki groups internal to TWiki. If you want, you can plug in an alternate user mapping module to support import of groups etc.

User Registration

New user registration uses the password manager to set and change passwords and store email addresses. It is also responsible for the new user verification process. the registration process supports single user registration via the TWikiRegistration page, and bulk user registration via the BulkRegistration page (for admins only).

The registration process is also responsible for creating user topics, and setting up the mapping information used by the User Mapping support.

Note: If you are restricting the entire Main web to TWikiGuest, you are required to add TWikiRegistrationAgent to ALLOWWEBCHANGE in your Main/WebPreferences. By doing so, new users are able to register without any errors.

Login Management

Login management controls the way users have to log in. There are three basic options; no login, login via a TWiki login page, and login using the webserver authentication support.

No Login (select none in configure)

Does exactly what it says on the tin. Forget about authentication to make your site completely public - anyone can browse and edit freely, in classic Wiki style. All visitors are given the TWikiGuest default identity, so you can't track individual user activity.

Note: This setup is not recommended on public websites for security reasons; anyone would be able to change system settings and perform tasks usually restricted to administrators.

Template Login asks for a username and password in a web page, and processes them using whatever Password Manager you choose. Users can log in and log out. Client Sessions are used to remember users. Users can choose to have their session remembered so they will automatically be logged in the next time they start their browser.

Enabling Template Login

there is also an EXPERT configure setting {TemplateLogin}{PreventBrowserRememberingPassword} that you can set to prevent Browsers from remembering username and passwords if you are concerned about public terminal usage.

Register yourself in the TWikiRegistration topic. Check that the password manager recognises the new user. If you are using .htpasswd files, check that a new line with the username and encrypted password is added to the .htpasswd file. If not, you probably got a path wrong, or the permissions may not allow the webserver user to write to that file.

Create a new topic to check if authentication works.

Edit the TWikiAdminGroup topic in the Main web to include users with system administrator status.This is a very important step, as users in this group can access all topics, independent of TWiki access controls.

At this time TWikiAccessControls cannot control access to files in the pub area, unless they are only accessed through the viewfile script. If your pub directory is set up in the webserver to allow open access you may want to add .htaccess files in there to restrict access.

You can create a custom version of the TWikiRegistration form by copying the topic, and then deleting or adding input tags in your copy. The name="" parameter of the input tags must start with: "Twk0..." (if this is an optional entry), or "Twk1..." (if this is a required entry). This ensures that the fields are carried over into the user home page correctly. Do not modify the version of TWikiRegistration shipped with TWiki, as your changes will be overwritten next time you upgrade.

Apache Login (select TWiki::LoginManager::ApacheLogin in configure)

Using this method TWiki does not authenticate users internally. Instead it depends on the REMOTE_USER environment variable, which is set when you enable authentication in the webserver.

The advantage of this scheme is that if you have an existing website authentication scheme using Apache modules such as mod_auth_ldap or mod_auth_mysql you can just plug in directly to them.

The disadvantage is that because the user identity is cached in the browser, you can log in, but you can't log out again unless you restart the browser.

TWiki maps the REMOTE_USER that was used to log in to the webserver to a WikiName using the table in TWikiUsers. This table is updated whenever a user registers, so users can choose not to register (in which case their webserver login name is used for their signature) or register (in which case that login name is mapped to their WikiName).

The same private .htpasswd file used in TWiki Template Login can be used to authenticate Apache users, using the Apache Basic Authentication support.

Warning: Do not use the Apache htpasswd program with .htpasswd files generated by TWiki! htpasswd wipes out email addresses that TWiki plants in the info fields of this file.

Enabling Apache Login using mod_auth

You can use any other Apache authentication module that sets REMOTE_USER.

Use configure to select the TWiki::LoginManager::ApacheLogin login manager.

Use configure to set up TWiki to create the right kind of .htpasswd entries.

Create a .htaccess file in the twiki/bin directory. There is an template for this file in twiki/bin/.htaccess.txt that you can copy and change. The comments in the file explain what need to be done. If you got it right, the browser should now ask for login name and password when you click on the Edit. If .htaccess does not have the desired effect, you may need to "AllowOverride All" for the directory in httpd.conf (if you have root access; otherwise, e-mail web server support) At this time TWikiAccessControls do not control access to files in the pub area, unless they are only accessed through the viewfile script. If your pub directory is set up to allow open access you may want to add .htaccess files in there as well to restrict access

You can create a custom version of the TWikiRegistration form by copying the default topic, and then deleting or adding input tags in your copy. The name="" parameter of the input tags must start with: "Twk0..." (if this is an optional entry), or "Twk1..." (if this is a required entry). This ensures that the fields are carried over into the user home page correctly. Do not modify the version of TWikiRegistration shipped with TWiki, as your changes will be overwritten next time you upgrade. The default new user template page is in TWiki.NewUserTemplate. The same variables get expanded as in the template topics. You can create a custom new user home page by creating the Main.NewUserTemplate topic, which will then override the default.

Register yourself in the TWikiRegistration topic. Check that a new line with the username and encrypted password is added to the .htpasswd file. If not, you may have got a path wrong, or the permissions may not allow the webserver user to write to that file.

Create a new topic to check if authentication works.

Edit the TWikiAdminGroup topic in the Main web to include users with system administrator status.This is a very important step, as users in this group can access all topics, independent of TWiki access controls.

Logons via bin/logon

Any time a user requests a page that needs authentication, they will be forced to log on. It may be convenient to have a "logon" link as well, to give the system a chance to identify the user and retrieve their personal settings. It may be convenient to force them to log on.

The bin/logon script enables this. If you are using Apache Login, the bin/logon script must be setup in the bin/.htaccess file to be a script which requires a valid user. Once authenticated, it will redirect the user to the view URL for the page from which the logon script was linked.

Sessions

TWiki uses the CPAN:CGI::Session and CPAN:CGI::Cookie modules to track sessions. These modules are de facto standards for session management among Perl programmers. If you can't use Cookies for any reason, CPAN:CGI::Session also supports session tracking using the client IP address.

You don't have to enable sessions to support logins in TWiki. However it is strongly recommended. TWiki needs some way to remember the fact that you logged in from a particular browser, and it uses sessions to do this. If you don;t enable sessions, TWiki will try hard to remember you, but due to limitations in the browsers it may also forget you (and then suddenly remember you again later!). So for the best user experience, you should enable sessions.

There are a number of TWikiVariables available that you can use to interrogate your current session. You can even add your own session variables to the TWiki cookie. Session variables are referred to as "sticky" variables.

Getting, Setting, and Clearing Session Variables

You can get, set, and clear session variables from within TWiki web pages or by using script parameters. This allows you to use the session as a personal "persistent memory space" that is not lost until the web browser is closed. Also note that if a session variable has the same name as a TWiki preference, the session variables value takes precedence over the TWiki preference. This allows for per-session preferences.

Cookies and Transparent Session IDs

TWiki normally uses cookies to store session information on a client computer. Cookies are a common way to pass session information from client to server. TWiki cookies simply hold a unique session identifier that is used to look up a database of session information on the TWiki server.

For a number of reasons, it may not be possible to use cookies. In this case, TWiki has a fallback mechanism; it will automatically rewrite every internal URL it sees on pages being generated to one that also passes session information.

TWiki Username vs. Login Username

This section applies only if you are using authentication with existing login names (i.e. mapping from login names to WikiNames).

Login Username: When you login to the intranet, you use your existing login username, ex: pthoeny. This name is normally passed to TWiki by the REMOTE_USER environment variable, and used internally. Login Usernames are maintained by your system administrator.

TWiki Username: Your name in WikiNotation, ex: PeterThoeny, is recorded when you register using TWikiRegistration; doing so also generates a personal home page in the Main web.

TWiki can automatically map an Intranet (Login) Username to a TWiki Username if the {AllowLoginName} is enabled in configure. The default is to use your WikiName as a login name.

NOTE:To correctly enter a WikiName - your own or someone else's - be sure to include the Main web name in front of the Wiki username, followed by a period, and no spaces, for example Main.WikiUsername or %USERSWEB%.WikiUsername.
This points WikiUsername to the Main web, where user home pages are located, no matter which web it's entered in. Without the web prefix, the name appears as a NewTopic everywhere but in the Main web.

Changing Passwords

If your {PasswordManager} supports password changing, you can change and reset passwords using forms on regular pages.

Changing E-mail Addresses

If the active {PasswordManager} supports storage and retrieval of user e-mail addresses, you can change your e-mail using a regular page. As shipped, this is true only for the Apache 'htpasswd' password manager.

How to choose an authentication method

One of the key features of TWiki is that it is possible to add HTML to topics. No authentication method is 100% secure on a website where end users can add HTML, as there is always a risk that a malicious user can add code to a topic that gathers user information, such as session IDs. The TWiki developers have been forced to make certain tradeoffs, in the pursuit of efficiency, that may be exploited by a hacker.

This section discusses some of the known risks. You can be sure that any potential hackers have read this section as well!

At one extreme, the most secure method is to use TWiki via SSL (Secure Sockets Layer), with a login manager installed and Client Sessions turned off.

Using TWiki with sessions turned off is a pain, though, as with all the login managers there are occasions where TWiki will forget who you are. The best user experience is achieved with sessions turned on.

As soon as you allow the server to maintain information about a logged-in user, you open a door to potential attacks. There are a variety of ways a malicious user can pervert TWiki to obtain another users session ID, the most common of which is known as a cross-site scripting attack. Once a hacker has an SID they can pretend to be that user.

To help prevent these sorts of attacks, TWiki supports IP matching, which ensures that the IP address of the user requesting a specific session is the same as the IP address of the user who created the session. This works well as long as IP addresses are unique to each client, and as long as the IP address of the client can't be faked.

Session IDs are usually stored by TWiki in cookies, which are stored in the client browser. Cookies work well, but not all environments or users permit cookies to be stored in browsers. So TWiki also supports two other methods of determining the session ID. The first method uses the client IP address to determine the session ID. The second uses a rewriting method that rewrites local URLs in TWiki pages to include the session ID in the URL.

The first method works well as long as IP addresses are unique to each individual client, and client IP addresses can't be faked by a hacker. If IP addresses are unique and can't be faked, it is almost as secure as cookies + IP matching, so it ranks as the fourth most secure method.

If you have to turn IP matching off, and cookies can't be relied on, then you may have to rely on the second method, URL rewriting. This method exposes the session IDs very publicly, so should be regarded as "rather dodgy".

Most TWiki sites don't use SSL, so, as is the case with most sites that don't use SSL, there is always a possibility that a password could be picked out of the aether. Browsers do not encrypt passwords sent over non-SSL links, so using Apache Login is no more secure than Template Login.

Of the two shipped login managers, Apache Login is probably the most useful. It lets you do this sort of thing:
wget --http-user=RogerRabbit --http-password=i'mnottelling http://www.example.com/bin/save/Sandbox/StuffAUTOINC0?text=hohoho,%20this%20is%20interesting
i.e. pass in a user and password to a request from the command-line. However it doesn't let you log out.

Template Login degrades to url re-writing when you use a client like dillo that does not support cookies. However, you can log out and back in as a different user.

Finally, it would be really neat if someone was to work out how to use certificates to identify users.....

TWiki Access Control

Restricting read and write access to topics and webs, by Users and groups

TWiki Access Control allows you restrict access to single topics and entire webs, by individual user and by user Groups. Access control, combined with TWikiUserAuthentication, lets you easily create and manage an extremely flexible, fine-grained privilege system.

An Important Control Consideration

Open, freeform editing is the essence of WikiCulture - what makes TWiki different and often more effective than other collaboration tools. For that reason, it is strongly recommended that decisions to restrict read or write access to a web or a topic are made with great care - the more restrictions, the less Wiki in the mix. Experience shows that unrestricted write access works very well because:

Peer influence is enough to ensure that only relevant content is posted.

Peer editing - the ability for anyone to rearrange all content on a page - keeps topics focused.

A blank in the the above table may mean either the corresponding control is absent or commented out or that it has been set to a null value. The two conditions have dramatically different and possibly opposed semantics.

Authentication vs. Access Control

Access control: Restrict access to content based on users and groups once a user is identified.

Users and Groups

Access control is based on the familiar concept of Users and Groups. Users are defined by their WikiNames. They can then be organized in unlimited combinations by inclusion in one or more user Groups. For convenience, Groups can also be included in other Groups.

Managing Users

A user can create an account in TWikiRegistration. The following actions are performed:

WikiName and encrypted password are recorded using the password manager if authentication is enabled.

A confirmation e-mail is sent to the user.

A user home page with the WikiName of the user is created in the Main web.

The default visitor name is TWikiGuest. This is the non-authenticated user.

Managing Groups

The following describes the standard TWiki support for groups. Your local TWiki may have an alternate group mapping manager installed. Check with your TWiki administrator if you are in doubt.

Groups are defined by group topics located in the Main web. To create a new group, visit TWikiGroups and enter the name of the new group ending in Group into the "new group" form field. This will create a new group topic with two important settings:

Set GROUP = < list of Users and/or Groups >

Set ALLOWTOPICCHANGE = < list of Users and/or Groups >

The GROUP setting is a comma-separated list of users and/or other groups. Example:

Set GROUP = Main.SomeUser, Main.OtherUser, Main.SomeGroup

The ALLOWTOPICCHANGE setting defines who is allowed to change the group topic; it is a comma delimited list of users and groups. You typically want to restrict that to the members of the group itself, so it should contain the name of the topic. This prevents users not in the group from editing the topic to give themselves or others access. For example, for the KasabianGroup topic write:

Set ALLOWTOPICCHANGE = Main.KasabianGroup

Note: TWiki has strict formatting rules. Make sure you have three spaces, an asterisk, and an extra space in front of any access control rule.

The Super Admin Group

A number of TWiki functions (for example, renaming webs) are only available to administrators. Administrators are simply users who belong to the SuperAdminGroup. This is a standard user group, the name of which is defined by {SuperAdminGroup} setting in configure. The default name of this group is the TWikiAdminGroup. The system administrator may have chosen a different name for this group if your local TWiki uses an alternate group mapping manager but for simplicity we will use the default name TWikiAdminGroup in the rest of this topic.

You can create new administrators simply by adding them to the TWikiAdminGroup topic. For example,

Set GROUP = Main.ElizabethWindsor, Main.TonyBlair

A member of the Super Admin Group has unrestricted access throughout the TWiki, so only trusted staff should be added to this group.

Restricting Access

You can define who is allowed to read or write to a web or a topic. Note that some plugins may not respect access permissions.

Restricting VIEW blocks viewing and searching of content. When you restric VIEW to a topic or web, this also restricts INCLUDE and Formatted SEARCH from showing the content of the topics.

Note that there is an important distinction between CHANGE access and RENAME access. A user can CHANGE a topic, but thanks to version control their changes cannot be lost (the history of the topic before the change is recorded). However if a topic or web is renamed, that history may be lost. Typically a site will only give RENAME access to administrators and content owners.

Controlling access to a Web

You can define restrictions on who is allowed to view a TWiki web. You can restrict access to certain webs to selected Users and Groups, by:

authenticating all webs and restricting selected webs: Topic access in all webs is authenticated, and selected webs have restricted access.

authenticating and restricting selected webs only: Provide unrestricted viewing access to open webs, with authentication and restriction only on selected webs.

You can define these settings in the WebPreferences topic, preferable towards the end of the topic:

Set DENYWEBVIEW = < comma-delimited list of Users and Groups >

Set ALLOWWEBVIEW = < comma-delimited list of Users and Groups >

Set DENYWEBCHANGE = < comma-delimited list of Users and Groups >

Set ALLOWWEBCHANGE = < comma-delimited list of Users and Groups >

Set DENYWEBRENAME = < comma-delimited list of Users and Groups >

Set ALLOWWEBRENAME = < comma-delimited list of Users and Groups >

If your site allows hierarchical webs, then access to sub-webs is determined from the access controls of the parent web, plus the access controls in the sub-web. So, if the parent web has ALLOWWEBVIEW set, this will also apply to the subweb. Also note that you will need to ensure that the parent web's FINALPREFERENCES does not include the access control settings listed above. Otherwise you will not be able override the parent web's access control settings in sub-webs.

Creation and renaming of sub-webs is controlled by the WEBCHANGE setting on the parent web (or ROOTCHANGE for root webs). Renaming is additionally restricted by the setting of WEBRENAME in the web itself.

Note: If you restrict access to the Main, make sure to add the TWikiRegistrationAgent so that users can register. Example:

Set ALLOWWEBCHANGE = TWikiAdminGroup, TWikiRegistrationAgent

Note: For Web level access rights Setting any of these settings to an empty value has the same effect as not setting them at all. Please note that the documentation of TWiki 4.0 and earlier versions of TWiki 4.1 did not reflect the actual implementation, e.g. an empty ALLOWWEBVIEW does not prevent anyone from viewing the web, and an an empty DENYWEBVIEW does not allow all to view the web.

Controlling access to a Topic

You can define these settings in any topic, preferable towards the end of the topic:

Set DENYTOPICVIEW = < comma-delimited list of Users and Groups >

Set ALLOWTOPICVIEW = < comma-delimited list of Users and Groups >

Set DENYTOPICCHANGE = < comma-delimited list of Users and Groups >

Set ALLOWTOPICCHANGE = < comma-delimited list of Users and Groups >

Set DENYTOPICRENAME = < comma-delimited list of Users and Groups >

Set ALLOWTOPICRENAME = < comma-delimited list of Users and Groups >

Remember when opening up access to specific topics within a restricted web that other topics in the web - for example, the WebLeftBar - may also be accessed when viewing the topics. The message you get when you are denied access should tell you what topic you were not permitted to access.

Be careful with empty values for any of these.

Set ALLOWTOPICVIEW = This means the same as not setting it at all. (This was documented wrong in versions 4.0.X, 4.1.0 and 4.1.1)

Set DENYTOPICVIEW = Since TWiki 4.0 this means do not deny anyone the right to view this topic. If DENYTOPICVIEW is set to an empty value anyone has access even if ALLOWTOPICVIEW or ALLOWWEBVIEW is defined. This allows to have very restrictive default access rights to an entire web and still allow individual topics to have more open access.

The same rules apply to ALLOWTOPICCHANGE/DENYTOPICCHANGE and APPLYTOPICRENAME/DENYTOPICRENAME. Setting ALLOWTOPICCHANGE or ALLOWTOPICRENAME to en empty value means the same as not defining it. Setting DENYTOPICCHANGE or DENYTOPICRENAME to an empty value means that anyone can edit or rename the topic.

If the same setting is defined multiple times the last one overrides the previous. They are not OR'ed together.

The setting to an empty has caused confusion and great debate and it has been decided that the empty setting syntax will be replaced by something which is easier to understand in a later version of TWiki. A method to upgrade will be provided. Please read the release notes carefully when you upgrade.

See "How TWiki evaluates ALLOW/DENY settings" below for more on how ALLOW and DENY interacts.

Controlling access to Attachments

Attachments are referred to directly, and are not normally indirected via TWiki scripts. This means that the above instructions for access control will not apply to attachments. It is possible that someone may inadvertently publicise a URL that they expected to be access-controlled.

The easiest way to apply the same access control rules for attachments as apply to topics is to use the Apache mod_rewrite module, and configure your webserver to redirect accesses to attachments to the TWiki viewfile script. For example,

That way all the controls that apply to the topic also apply to attachments to the topic. Other types of webserver have similar support.

Note: Images embedded in topics will load much slower since each image will be delivered by the viewfile script.

Controlling who can manage top-level webs

Top level webs are a special case, because they don't have a parent web with a WebPreferences. So there has to be a special control just for the root level.

You can define these settings in the Main.%TWIKIPREFSTOPIC% topic, preferable towards the end of the topic:

Set DENYROOTCHANGE = < comma-delimited list of Users and Groups >

Set ALLOWROOTCHANGE = < comma-delimited list of Users and Groups >

Note that you do not require ROOTCHANGE access to rename an existing top-level web. You just need WEBCHANGE in the web itself.

How TWiki evaluates ALLOW/DENY settings

When deciding whether to grant access, TWiki evaluates the following rules in order (read from the top of the list; if the logic arrives at PERMITTED or DENIED that applies immediately and no more rules are applied). You need to read the rules bearing in mind that VIEW, CHANGE and RENAME access may be granted/denied separately.

access is PERMITTEDi.e no-one is denied access to this topic.Attention: Use this with caution. This is deprecated and will likely change in the next release.

If ALLOWTOPIC is set

people in the list are PERMITTED

everyone else is DENIED

If DENYWEB is set to a list of wikinames

people in the list are DENIED access

If ALLOWWEB is set to a list of wikinames

people in the list will be PERMITTED

everyone else will be DENIED

If you got this far, access is PERMITTED

Access control and INCLUDE

ALLOWTOPICVIEW and ALLOWTOPICCHANGE only applies to the topic in which the settings are defined. If a topic A includes another topic B, topic A does not inherit the access rights of the included topic B.

Examples: Topic A includes topic B

If the included topic B has ALLOWTOPICCHANGE set to block editing for a user, it does not prevent editing the including topic A.

If the included topic B has ALLOWTOPICVIEW set to block view for a user, the user can still view topic A but he cannot see the included topic B. He will see a message No permission to view B

Access Control quick recipes

Obfuscating Webs

Another way of hiding webs is to keep them hidden by not publishing the URL and by preventing the all webs search option from accessing obfuscated webs. Do so by enabling the NOSEARCHALL variable in WebPreferences:

Set NOSEARCHALL = on

This setup can be useful to hide a new web until content its ready for deployment, or to hide view access restricted webs.

Note: Obfuscating a web without view access control is very insecure, as anyone who knows the URL can access the web.

Restrict Access to Whole TWiki Site

For a firewalled TWiki, e.g. an intranet wiki or extranet wiki, you want to allow only invited people to access your TWiki. In this case, enable user authentication with ApacheLogin and lock down access to the whole twiki/bin and twiki/pub directories to all but valid users. In the Apache .htaccess file or the appropriate .conf file, replace the <FilesMatch "(attach|edit|... section with this:

<FilesMatch ".*">
require valid-user
</FilesMatch>

If needed, you can further restrict access to selected webs with ALLOWWEBVIEW and other access control settings.

Note: With this configuration, someone with access to the site needs to register new users.

Authenticate all Webs and Restrict Selected Webs

Use the following setup to authenticate users for topic viewing in all webs and to restrict access to selected webs. Requires TWikiUserAuthentication to be enabled.

Set require valid-user on your view script in .htaccess or the appropriate Apache .conf file. As of 4.x, this looks like: FilesMatch "(attach|edit|manage|rename|save|view|upload|mail|logon|.*auth).*" (normally view is not in that list).

Restrict view access to selected Users and Groups. Set one or both of these variables in its WebPreferences topic:

Set DENYWEBVIEW = < list of Users and Groups >

Set ALLOWWEBVIEW = < list of Users and Groups >

Note:DENYWEBVIEW is evaluated before ALLOWWEBVIEW. Access is denied if the authenticated person is in the DENYWEBVIEW list, or not in the ALLOWWEBVIEW list. Access is granted if DENYWEBVIEW and ALLOWWEBVIEW are not defined.

Authenticate and Restrict Selected Webs Only

Use the following setup to provide unrestricted viewing access to open webs, with authentication only on selected webs. Requires TWikiUserAuthentication to be enabled.

Restrict view access to selected Users and Groups. Set one or both of these variables in its WebPreferences topic:

Set DENYWEBVIEW = < list of Users and Groups >

Set ALLOWWEBVIEW = < list of Users and Groups >

Note:DENYWEBVIEW is evaluated before ALLOWWEBVIEW. Access is denied if the authenticated person is in the DENYWEBVIEW list, or not in the ALLOWWEBVIEW list. Access is granted if DENYWEBVIEW and ALLOWWEBVIEW are not defined.

Hide Control Settings

Tip: To hide access control settings from normal browser viewing, you can put them into the topic preference settings by clicking the link Edit topic preference settings under More topic actions menu. Preferences set in this manner are not visible in the topic text, but take effect nevertheless. Access control settings added as topic preference settings are stored in the topic meta data and they override settings defined in the topic text.

Alternatively, place them in HTML comment markers, but this exposes the access setting during ordinary editing.

TWiki Text Formatting

Working in TWiki is as easy as typing in text. You don't need to know HTML, though you can use it if you prefer. Links to topics are created automatically when you enter WikiWords. And TWiki shorthand gives you all the power of HTML with a simple coding system that takes no time to learn. It's all laid out below.

TWiki Editing Shorthand

Formatting Command:

You write:

You get:

Paragraphs:
Blank lines will create new paragraphs.

1st paragraph
2nd paragraph

1st paragraph

2nd paragraph

Headings:
Three or more dashes at the beginning of a line, followed by plus signs and the heading text. One plus creates a top level heading, two pluses a second level heading, etc. The maximum heading depth is 6.

You can create a table of contents with the %TOC% variable. If you want to exclude a heading from the TOC, put !! after the ---+.

Empty headings are allowed, but won't appear in the table of contents.

---++ Sushi
---+++ Maguro
---+++!! Not in TOC

Sushi

Maguro

Not in TOC

Bold Text:
Words get shown in bold by enclosing them in * asterisks.

*Bold*

Bold

Italic Text:
Words get shown in italic by enclosing them in _ underscores.

_Italic_

Italic

Bold Italic:
Words get shown in bold italic by enclosing them in __ double-underscores.

__Bold italic__

Bold italic

Fixed Font:
Words get shown in fixed font by enclosing them in = equal signs.

You can follow the closing bold, italic, or other (* _ __ = ==) indicator
with normal punctuation, such as commas and full stops.

Make sure there is no space between the text and the indicators.

_This works_,
_this does not _

This works,
_this does not _

Verbatim Text:
Surround code excerpts and other formatted text with <verbatim> and </verbatim> tags.verbatim tags disable HTML code. Use <pre> and </pre> tags instead if you want the HTML code within the tags to be interpreted. NOTE: Preferences variables (* Set NAME = value) are set within verbatim tags.

Separator (Horizontal Rule):
Three or more three dashes at the beginning of a line..

-------

Bulleted List:
Multiple of three spaces, an asterisk, and another space. For all the list types, you can break a list item over several lines by indenting lines after the first one by at least 3 spaces.

* level 1
* level 2
* back on 1
* A bullet
broken over
three lines
* last bullet

level 1

level 2

back on 1

A bullet broken over three lines

last bullet

Numbered List:
Multiple of three spaces, a type character, a dot, and another space. Several types are available besides a number:

WikiWord Links:
CapitalizedWordsStuckTogether (or WikiWords) will produce a link automatically if preceded by whitespace or parenthesis. If you want to link to a topic in a different web write Otherweb.TopicName.
To link to a topic in a subweb write Otherweb.Subweb.TopicName. The link label excludes the name of the web, e.g. only the topic name is shown. As an exception, the name of the web is shown for the WebHome topic. Dots '.' are used to separate webs and subwebs from topic names and therefore cannot be used in topic names.

It's generally a good idea to use the TWikiVariables %SYSTEMWEB% and %USERSWEB% instead of TWiki and Main.

Anchors:
You can define a reference inside a TWiki topic (called an anchor name) and link to that. To define an anchor write #AnchorName at the beginning of a line. The anchor name must be a WikiWord of no more than 32 characters. To link to an anchor name use the [[MyTopic#MyAnchor]] syntax. You can omit the topic name if you want to link within the same topic.

Forced Links:
You can create a forced internal link by enclosing words in double square brackets.
Text within the brackets may contain optional spaces; the topic name is formed by capitalizing the initial letter and by removing the spaces; for example, [[text formatting FAQ]] links to topic TextFormattingFAQ. You can also refer to a different web and use anchors.
To "escape" double square brackets that would otherwise make a link, prefix the leading left square bracket with an exclamation point.

Specific Links:
You can create a link where you specify the link text and the URL separately using nested square brackets [[reference][text]]. Internal link references (e.g. WikiSyntax) and URLs (e.g. http://TWiki.org/) are both supported.
The rules described under Forced Links apply for internal link references.
Anchor names can be added as well, to create a link to a specific place in a topic.

Prevent a Link:
Prevent a WikiWord from being linked by prepending it with an exclamation point.

!SunOS

SunOS

Disable Links:
You can disable automatic linking of WikiWords by surrounding text with <noautolink> and </noautolink> tags. It is possible to turn off all auto-linking with a NOAUTOLINK preferences setting.

<noautolink>
RedHat & SuSE
</noautolink>

RedHat & SuSE

Mailto Links:
E-mail addresses are linked automatically. To create e-mail links that have more descriptive link text, specify subject lines or message bodies, or omit the e-mail address, you can write [[mailto:user@domain][descriptive text]].

Literal content:
TWiki generates HTML code from TWiki shorthand.
Experts surround anything that must be output literally in the HTML code, without the application of
TWiki shorthand rules, with <literal>..</literal> tags. any HTML
within literal tags must be well formed i.e. all tags must be properly closed before
the end of the literal block. TWiki Variables are expanded within literal blocks.

<literal>
| Not | A | Table |
<literal>

| Not | A | Table |

Protected content:Experts protect text from mangling by WYSIWYG editors using
<sticky>..</sticky> tags. Sticky tags don't have any effect on normal
topic display; they are only relevant when content has to be
protected from a WYSIWYG editor (usually because it isn't well-formed HTML, or because it
is HTML that WYSIWYG would normally filter out or modify). Protected
content appears as plain text in the WYSIWYG editor.

<sticky>

<div>
This div is required
</div>

<sticky>

This div is required

Using HTML

You can use most HTML tags in TWiki topics without a problem. This is useful where you want to
add some content that is formatted in a way that is not supported using TWiki shorthand, for example,
you can write <strike>deleted text</strike> to get deleted text.

There are a few usability and technical considerations to keep in mind:

On collaboration pages, it's better not to use HTML, but to use TWiki shorthand instead - this keeps the text uncluttered and easy to edit using the plaintext editor.

You can also write [[http://yahoo.com Yahoo home page]] as an easier way of doing external links with descriptive text for the link, such as Yahoo home page.

TWiki Variables

TWiki Variables are names enclosed in percent signs that are that are expanded to some other text when the topic
is displayed. For example, %TOPIC% is expanded to TWikiVariablesQuickStart.
Some variables can take arguments in curly braces - for example, %INCLUDE{"OtherTopic" ARG="arg"}%.

Many TWiki variables are built-in, and others are predefined for your convenience. You can also define your own
TWiki Variables at the entire site, individual web, or individual topic level. For more information,
go to TWikiVariables

TWiki Variables are fully expanded before any of the TWiki text formatting rules are applied.

Documentation Graphics: There are many graphics available to use in your topics. Use %ICON{"help"}%, %ICON{"tip"}%, and %ICON{"warning"}% to get: , , and , respectively. TWikiDocGraphics lists them all.

To "escape" a variable, prefix it with an exclamation mark. Write: !%SOMEVARIABLE% to get: %SOMEVARIABLE%.

TWikiPlugin Formatting Extensions

Plugins can extend the functionality of TWiki into many other areas. There are a huge number of TWiki plugins available from the Plugins web on TWiki.org.

Currently enabled plugins on this TWiki installation, as listed by %PLUGINDESCRIPTIONS%:

Common Editing Errors

TWiki formatting rules are fairly simple to use and quick to type. However, there are some things to watch out for, taken from the TextFormattingFAQ:

Q: Text enclosed in angle brackets like <filename> is not displayed. How can I show it as it is?

A: The '<' and '>' characters have a special meaning in HTML, they define HTML tags. You need to escape them, so write '&lt;' instead of '<', and '&gt;' instead of '>'. Example: Type 'prog &lt;filename&gt;' to get 'prog <filename>'.

To leave a variable unexpanded, precede it with an exclamation point, e.g. type !%TOPIC% to get %TOPIC%

Variables are expanded relative to the topic they are used in, not the topic they are defined in

Type %ALLVARIABLES% to get a full listing of all variables defined for a particular topic

Variable Names

Variable names must start with a letter. The following characters can be letters, numbers and the underscore '_'. You can use both upper-case and lower-case letters and you can mix the characteres. E.g. %MYVAR%, %MyVar%, %My2ndVar%, and %My_Var% are all valid variable names. Variables are case sensitive. %MyVAR% and %MYVAR% are not the same variable.

By convention all settings, predefined variables and variables used by plugins are always UPPER-CASE.

Preferences Variables

Unlike predefined variables, preferences variables can be defined by the user in various places.

Settings at higher-numbered levels override settings of the same variable at lower numbered levels, unless the variable was included in the setting of FINALPREFERENCES at a lower-numbered level, in which case it is locked at the value it has at that level.

If you are setting a variable and using it in the same topic, note that TWiki reads all the variable settings from the saved version of the topic before it displays anything. This means you can use a variable anywhere in the topic, even if you set it somewhere inconspicuous near the end. But beware: it also means that if you change the setting of a variable you are using in the same topic, Preview will show the wrong thing, and you must Save the topic to see it correctly.

The syntax for setting Variables is the same anywhere in TWiki (on its own TWiki bullet line, including nested bullets): [multiple of 3 spaces] * [space] Set [space] VARIABLENAME [space] = [space] value

Examples:

Set VARIABLENAME = value

Set VARIABLENAME = value

Spaces between the = sign and the value will be ignored. You can split a value over several lines by indenting following lines with spaces - as long as you don't try to use * as the first character on the following line.

Example:

* Set VARIABLENAME = value starts here
and continues here

Whatever you include in your Variable will be expanded on display, exactly as if it had been entered directly.

Example: Create a custom logo variable

To place a logo anywhere in a web by typing %MYLOGO%, define the Variable on the web's WebPreferences topic, and upload a logo file, ex: mylogo.gif. You can upload by attaching the file to WebPreferences, or, to avoid clutter, to any other topic in the same web, e.g. LogoTopic. Sample variable setting in WebPreferences:

Set MYLOGO = %PUBURL%/%WEB%/LogoTopic/mylogo.gif

You can also set preferences variables on a topic by clicking the link Edit topic preference settings under More topic actions. Preferences set in this manner are not visible in the topic text, but take effect nevertheless.

Access Control Variables

These are special types of preferences variables to control access to content. TWikiAccessControl explains these security settings in detail.

Local values for variables

Certain topics (a users home topic, web site and default preferences topics) have a problem; variables defined in those topics can have two meanings. For example, consider a user topic. A user may want to use a double-height edit box when they are editing their home topic - but only when editing their home topic. The rest of the time, they want to have a normal edit box. This separation is achieved using Local in place of Set in the variable definition. For example, if the user sets the following in their home topic:

* Set EDITBOXHEIGHT = 10
* Local EDITBOXHEIGHT = 20

Then when they are editing any other topic, they will get a 10 high edit box. However when they are editing their home topic, they will get a 20 high edit box.
Local can be used wherever a preference needs to take a different value depending on where the current operation is being performed.

Use this powerful feature with great care! %ALLVARIABLES% can be used to get a listing of the values of all variables in their evaluation order, so you can see variable scope if you get confused.

Predefined Variables

Most predefined variables return values that were either set in the configuration when TWiki was installed, or taken from server info (such as current username, or date and time). Some, like %SEARCH%, are powerful and general tools.

Plugins may extend the set of predefined variables (see individual Plugins topics for details)

Take the time to thoroughly read through ALL preference variables. If you actively configure your site, review variables periodically. They cover a wide range of functions, and it can be easy to miss the one perfect variable for something you have in mind. For example, see %INCLUDINGTOPIC%, %INCLUDE%, and the mighty %SEARCH%.

ADDTOHEAD -- add HTML to the HTML head section of the current page

Useful for TWiki applications to add custom CSS or JavaScript to the HTML head section of a topic. Supplied TWiki variables will be expanded. %ADDTOHEAD{}% expands in-place to an empty string, unless there is an error in which case the variable expands to an error string.

Name of topic that contains the full HTML text to add to the head section, such as topic="Main.MyCssTopic"

Mutually exclusive with text=""

section="name"

If topic parameter is used, includes only the specified named section, as defined in the topic by the STARTSECTION and ENDSECTION variables. Nothing is shown if the named section does not exists. section="" is equivalent to not specifying a section

Note:%<color>% text must end with %ENDCOLOR%. If you want to switch from one color to another one you first need to end the active color with %ENDCOLOR%, e.g. write %RED% some text %ENDCOLOR% %GREEN% more text %ENDCOLOR%.

Note:%<color>% text must end with %ENDCOLOR%. If you want to switch from one color to another one you first need to end the active color with %ENDCOLOR%, e.g. write %RED% some text %ENDCOLOR% %GREEN% more text %ENDCOLOR%.

Note:%<color>% text must end with %ENDCOLOR%. If you want to switch from one color to another one you first need to end the active color with %ENDCOLOR%, e.g. write %RED% some text %ENDCOLOR% %GREEN% more text %ENDCOLOR%.

Note:%<color>% text must end with %ENDCOLOR%. If you want to switch from one color to another one you first need to end the active color with %ENDCOLOR%, e.g. write %RED% some text %ENDCOLOR% %GREEN% more text %ENDCOLOR%.

BULLET -- bullet character

The %CALC{"formula"}% variable is handled by the SpreadSheetPlugin. There are around 80 formulae, such as $ABS(), $EXACT(), $EXISTS(), $GET()/$SET(), $IF(), $LOG(), $LOWER(), $PERCENTILE(), $TIME(), $VALUE().

Syntax: %CALC{"formula"}%

Examples:

%CALC{"$SUM($ABOVE())"}% returns the sum of all cells above the current cell

The %CALCULATE{formula}% variable is handled by the SpreadSheetPlugin. Over 100 functions are available, such as $ABS(), $EXACT(), $EXISTS(), $GET()/$SET(), $IF(), $LOG(), $LOWER(), $PERCENTILE(), $TIME(), $VALUE().

Syntax: %CALC{formula}%

Examples:

%CALC{$EXISTS(Web.SomeTopic)}% returns 1 if the topic exists

%CALC{$UPPER(Collaboration)}% returns COLLABORATION

Note: The CALCULATE variable is handled inside-out & left-to-right like ordinary TWiki variables, but it does not support functions that refer to table cells, such as $LEFT() or $T(). Use CALC instead.

This is the name of the template to use for this comment. Comment templates are defined in a TWiki template - see Customisation, below. If this attribute is not defined, the type is whatever is defined by COMMENTPLUGIN_DEFAULT_TYPE, either in this topic or in your WebPreferences.

DASHBOARD -- build a dashboard with banner and boxes

Use this variable to quickly create dashboards for intranet home, team homepages, project homepages and knowledge bases. See the TWikiDashboardAddOn for details on enabling and using the %DASHBOARD{...}% variable.

EDITACTION -- Selects an edit template

EDITACTION defined in a topic or preference setting will define the use of an editaction template instead of the standard edit. If EDITACTION is defined as text, then hide the form. If EDITACTION is defined as form hide the normal text area and only edit the form.

When EDITACTION is defined as text or form the Edit and Edit Raw buttons simply add ;action=text or ;action=form to the URL for the edit script. If you have defined EDITACTION in a topic setting or preference setting you can still edit the topic content or the form by removing the ;action=form or ;action=text from the edit URL in the browser and reload.

EDITFORMFIELD{"fieldname" form=""} -- render an input field specified in a form template topic

Use this to create HTML forms that update TWikiForms, such as a custom "create new topic" form, or a topic header that allows users to change some form values at the top of the page. A valid form is composed of a start form type, various form fields, a submit type, and an end form type.

Syntax:

%EDITFORMFIELD{"fieldname" form="...Form"}% - create form field defined in a TWiki Form template

%EDITFORMFIELD{"fieldname" topic="..."}% - create form field based on a topic that has a TWiki Form & initialize its value

Rows can be added and removed if "on" Rows can be added but not removed if "add" Rows cannot be added or removed if "off"

CHANGEROWS plugin setting

quietsave

Quiet Save button is shown if "on", hidden if "off"

QUIETSAVE plugin setting

include

Other topic defining the EDITTABLE parameters. The first %EDITTABLE% in the topic is used. This is useful if you have many topics with the same table format and you want to update the format in one place.

(none)

helptopic

Topic name containing help text shown below the table when editing a table. The %STARTINCLUDE% and %STOPINCLUDE% variables can be used in the topic to specify what is shown.

(no help text)

headerislabel

Table header cells are read-only (labels) if "on"; header cells can be edited if "off" or "0"

"on"

editbutton

Set edit button text, e.g. "Edit this table"; set button image with alt text, e.g. "Edit table, %PUBURL%/%TWIKIWEB%/TWikiDocGraphics/edittopic.gif"; hide edit button at the end of the table with "hide" (Note: Button is automatically hidden if an edit button is present in a cell)

EDITBUTTON plugin setting

buttonrow

Set to top to put the edit buttons above the table.

bottom

javascriptinterface

Use javascript to directly move and delete row without page refresh. Enable with "on", disable with "off".

Double quotes in strings must be escaped when passed into other TWiki variables. Example: %SEARCH{ "%ENCODE{ "string with "quotes"" type="quotes" }%" noheader="on" }%

Use type="entity" or type="safe" to protect user input from URL parameters and external sources against cross-site scripting (XSS). type="entity" is more aggressive, but some TWiki applications might not work. type="safe" provides a safe middle ground.

Note: %<color>BG% section must end with %ENDBG%. If you want to switch from one background color to another one you first need to end the active background color with %ENDBG%, such as %REDBG% some text %ENDBG% %GREENBG% more text %ENDBG%.

Note:%<color>% text must end with %ENDCOLOR%. If you want to switch from one color to another one you first need to end the active color with %ENDCOLOR%, e.g. write %RED% some text %ENDCOLOR% %GREEN% more text %ENDCOLOR%.

If the STARTSECTION is named, the corresponding ENDSECTION must also be named with the same name. If the STARTSECTION specifies a type, then the corresponding ENDSECTION must also specify the same type. If the section is unnamed, ENDSECTION will match with the nearest unnamed %STARTSECTION%of the same type above it.

ENV{"varname"} -- inspect the value of an environment variable

Returns the current value of the environment variable in the CGI (Common Gateway Interface) environment. This is the environment that the TWiki scripts run in on the web server.

Note: For security reasons, only those variables whose names match the regular expression in {AccessibleENV} in the Security Settings/Miscellaneous section of configure can be displayed. Any other variable will just be shown as an empty string, irrespective of its real value.

Example: %ENV{MOD_PERL}% displays as: not set

If a variable is undefined (as against being set to the empty string) it will be returned as not set.

Text shown if variable is not defined, e.g. not found. This parameter overrides the format parameter.

"" (empty string)

format="..."

Format with supported variables: • $name for variable name • $value for variable value • $isdefined expanding to 1 or 0 depending if variable is defined or not • $isset expanding to 1 or 0 depending if variable is logically true or false • $ispersistent expanding to 1 or 0 depending if variable is persistent or not • all FormatTokens such as $dollar, $n, $percnt.

"$value"

"name"

Name of variable.

(required)

Example: %GET{"lunch"}% returns Sushi if the following has been previously set:%SET{ "lunch" value="Sushi" }% - see more examples

Note:%<color>% text must end with %ENDCOLOR%. If you want to switch from one color to another one you first need to end the active color with %ENDCOLOR%, e.g. write %RED% some text %ENDCOLOR% %GREEN% more text %ENDCOLOR%.

Note:%<color>% text must end with %ENDCOLOR%. If you want to switch from one color to another one you first need to end the active color with %ENDCOLOR%, e.g. write %RED% some text %ENDCOLOR% %GREEN% more text %ENDCOLOR%.

HIDE{text} -- hide content in topic view

Text inside the HIDE is removed when viewing the topic. This can be used to remove large amounts of text from being sent to the browser, such as the user list in Main.TWikiUsers if there are many thousands of users.

Syntax: %HIDE{ any text }%

Expands to: (empty string)

Notes:

Using HIDE is not a replacement for access control, because edit and raw view still show the content.

Variables inside HIDE still get expanded because variables execute inside out, e.g. you can't use it to speed up slow variables.

<!-- HTML comments --> also hide content from the user, but unlike HIDE, HTML comments are sent to the browser.

I -- idea icon

ICON{"name"} -- small documentation graphic or icon of common attachment types

Generates the HTML img tag of a small graphic image attached to TWikiDocGraphics. Images typically have a 16x16 pixel size. You can select a specific image by name, or you can give a full filename, in which case the type of the file will be used to select one of a collection of common file type icons.

ICONURL{"name"} -- URL of small documentation graphic or icon

Generates the full URL of a TWikiDocGraphics image, which TWiki renders as an image. The related %ICON{"name"}% generates the full HTML img tag. Specify image name or full filename (see ICON for details on filenames.)

INCLUDE{"page"} -- include other topic or web page

The name of a topic located in the current web, i.e. %INCLUDE{"WebNotify"}%

"Web.Topic"

A topic in another web, i.e. %INCLUDE{"TWiki.SiteMap"}%

"http://..."

A full qualified URL, i.e. %INCLUDE{"http://twiki.org:80/index.html"}%. Supported content types are text/html and text/plain. if the URL resolves to an attachment file on the server this will automatically translate to a server-side include.

pattern="..."

Include a subset of a topic or a web page. Specify a RegularExpression that scans from start ('^') to end and contains the text you want to keep in parenthesis, e.g., pattern="^.*?(from here.*?to here).*". IncludeTopicsAndWebPages has more.

none

rev="2"

Include a previous topic revision; N/A for URLs

top revision

raw="on"

When a page is included, normally TWiki will process it, doing the following: 1) Alter relative links to point back to originating host, 2) Remove some basic HTML tags (html, head, body, script) and finally 3) Remove newlines from HTML tags spanning multiple lines. If you prefer to include exactly what is in the source of the originating page set this to on. raw="on" is short for disableremoveheaders="on", disableremovescript="on", disableremovebody="on", disablecompresstags="on" and disablerewriteurls="on".

disabled

literal="on"

While using the raw option will indeed include the raw content, the included content will still be processed and rendered like regular topic content. To disable parsing of the included content, set the literal option to "on".

disabled

disableremoveheaders="on"

Bypass stripping headers from included HTML (everything until first </head> tag)

disabled

disableremovescript="on"

Bypass stripping all <script> tags from included HTML

disabled

disableremovebody="on"

Bypass stripping the </body> tag and everything around over and below it

Includes only the specified named section, as defined in the included topic by the STARTSECTION and ENDSECTION variables. Nothing is shown if the named section does not exists. section="" is equivalent to not specifying a section

PARONE="val 1" PARTWO="val 2"

Any other parameter will be defined as a variable within the scope of the included topic. The example parameters on the left will result in %PARONE% and %PARTWO% being defined within the included topic.

Note: JavaScript in included webpages is filtered out as a security precaution per default (disable filter with disableremovescript parameter)

JQTABPANE -- start a JQuery tab pane

Create nice looking horizontal tab panes in TWiki topics. Write a sequence of %JQTAB{"..."}% and %JQENDTAB% pairs, and enclose them in %JQTABPANE% and %JQENDTABPANE%. Tab panes can be nested, e.g. within one tab you can add another tab pane. These variable are handled by the JQueryPlugin.

Example: <select>%LANGUAGES{format="<option $marker value='$langtag'>$langname</option>" selection="%LANGUAGE%"}%</select> creates an option list of the available languages with the current language selected

Note:%<color>% text must end with %ENDCOLOR%. If you want to switch from one color to another one you first need to end the active color with %ENDCOLOR%, e.g. write %RED% some text %ENDCOLOR% %GREEN% more text %ENDCOLOR%.

MAKETEXT -- creates text using TWiki's I18N infrastructure

a comma-separated list of arguments to be interpolated in the string, replacing the [_N] placeholders in it.

none

Examples:

%MAKETEXT{string="Notes:"}% expands to Notes:

%MAKETEXT{"If you have any questions, please contact [_1]." args="%WIKIWEBMASTER%"}% expands to If you have any questions, please contact wiki@astro.unistra.fr.

%MAKETEXT{"Did you want to [[[_1]][reset [_2]'s password]]?" args="%SYSTEMWEB%.ResetPassword,%WIKIUSERNAME%"}% expands to Did you want to reset Main.TWikiGuest's password?

Notes:

TWiki will translate the string to the current user's language only if it has such string in its translation table for that language.

Amperstands (&) followed by one letter (one of a...z, A...Z) (say, X) in the translatable string will be translated to <span class='twikiAccessKey'>X</span>. This is used to implement access keys. If you want to write an actual amperstand that stays just before a letter, write two consecutive amperstands (&&): they will be transformed in just one.

translatable string starting with underscores (_) are reserved. You cannot use translatable phrases starting with an underscore.

Make sure that the translatable string is constant. Specially, do not include %VARIABLES% inside the translatable strings (since they will get expanded before the %MAKETEXT{...}% itself is handled).

Note:%<color>% text must end with %ENDCOLOR%. If you want to switch from one color to another one you first need to end the active color with %ENDCOLOR%, e.g. write %RED% some text %ENDCOLOR% %GREEN% more text %ENDCOLOR%.

The record value in the following format:FIELD_NAME=FIELD_VALUEFIELD_NAME=FIELD_VALUE ...

$marker or $marker()

Expands to marker for the item matching selection only

$_FILED_NAME or $_FIELD_NAME()

Please be noted that you need to put _ (underscore) in front of a field name. $_FIELD_NAME$ yields the value of the specified field. If the specified field does not exist in the record, it returns the null string ("").

?FIELD_NAME?IF_FIELD_HAS_VALUE?

If the specified field has value and it's neither 0 nor the null string (""), it's evaluated as IF_FIELD_HAS_VALUE. Otherwise, it's evaluated as the null string. This is like q/.../ in Perl. A non-word character following ?FIELD_NAME becomes the terminator; i.e. you can write: ?FIELD_NAME:IF_TRUE: Specifically, the following characters can be used as the delimiter: ! # % ' / : ? @ ^ ` | ~= is excluded because it clashes with a parameter specification in a URL (?name=value).

?!FIELD_NAME?IF_FIELD_HAS_NO_VALUE?

Similar to above but it's opposite. If the field has value, it's evaluated as the null string. Otherwise, it's evaluated as IF_FIELD_HAS_NO_VALUE.

$question

Replaced with ? after the ?FIEL_DNAME and ?!FIELD_ANME constructs are processed.

"| $_ | $__ |"

selection="..."

The record ID to be regarded as the selected. It affects how $marker in the format is evaluated.

none

marker="..."

Text for $marker in the format if the item matches selection

"selected"

filter="..."

The regular expression of record IDs to filter records. Matching is case-insensitive

none

exclude="..."

Comma separated list of record IDs to be excluded. You can use regular expression. If you specify Trash\d*, then Trash, Trash1, Trash2, ... are exluded but LightTrash and TrashBag are not excluded

META -- displays meta-data

Provided mainly for use in templates, this variable generates the parts of the topic view that relate to meta-data (attachments, forms etc.) The formfield item is the most likely to be useful to casual users.

name="...": name of the field. The field value can be shortened as described in FormattedSearch for $formfieldnewline="...": by default, each newline character will be rewritten to <br /> to allow metadata that contains newlines to be used in tables, etc. $n indicates a newline character. bar="...": by default, each vertical bar is rewritten to an HTML entity so as to not be mistaken for a table separator.

all="on" to show hidden attachments. title="..." to show a title - only if attachments are displayed. template="..." to use a custom template for the rendering of attachments; default attachtables is used.

Generates the list of attachments

"moved"

none

Details of any topic moves

"parent"

dontrecurse="on": By default recurses up tree, this has some cost. nowebhome="on": Suppress WebHome. prefix="...": Prefix that goes before parents, but only if there are parents, default "". format="...": Format string used to display each parent topic where $web expands to the web name, and $topic expands to the topic name; default: "[[$web.$topic][$topic]]"suffix="...": Suffix, only appears if there are parents; default "". separator="...": Separator between parents; default " > ".

METASEARCH -- special search of meta data

What sort of search is required? "topicmoved" if search for a topic that may have been moved "parent" if searching for topics that have a specific parent i.e. its children "field" if searching for topics that have a particular form field value (use the name and value parameters to specify which field to search)

Required

web="%WEB%"

Wiki web to search: A web, a list of webs separated by whitespace, or all webs.

Current web

topic="%TOPIC%"

The topic the search relates to, for topicmoved and parent searches

All topics in a web

name

form field to search, for field type searches. May be a regular expression (see SEARCH).

value

form field value, for field type searches. May be a regular expression (see SEARCH).

Note:%<color>% text must end with %ENDCOLOR%. If you want to switch from one color to another one you first need to end the active color with %ENDCOLOR%, e.g. write %RED% some text %ENDCOLOR% %GREEN% more text %ENDCOLOR%.

Note:%<color>% text must end with %ENDCOLOR%. If you want to switch from one color to another one you first need to end the active color with %ENDCOLOR%, e.g. write %RED% some text %ENDCOLOR% %GREEN% more text %ENDCOLOR%.

Note:%<color>% text must end with %ENDCOLOR%. If you want to switch from one color to another one you first need to end the active color with %ENDCOLOR%, e.g. write %RED% some text %ENDCOLOR% %GREEN% more text %ENDCOLOR%.

P -- pencil icon

PARENTBC -- parent breadcrumbs for headings

Add %PARENTBC% to a heading of a topic to show the breadcrumb of its parents. Parent topics are linked, topic names are shown spaced out in a smaller font, and are separated by » quotes. In addition, a parentlistSetGetPlugin variable is set to the parent list, and a parent variable is set to the immediate parent. This can be retrieved later in the topic using %GET{parentlist}% and %GET{parent}%, respectively.

Note:%<color>% text must end with %ENDCOLOR%. If you want to switch from one color to another one you first need to end the active color with %ENDCOLOR%, e.g. write %RED% some text %ENDCOLOR% %GREEN% more text %ENDCOLOR%.

Note:%<color>% text must end with %ENDCOLOR%. If you want to switch from one color to another one you first need to end the active color with %ENDCOLOR%, e.g. write %RED% some text %ENDCOLOR% %GREEN% more text %ENDCOLOR%.

QUERYSTRING -- full, unprocessed string of parameters to this URL

String of all the URL parameters that were on the URL used to get to the current page. For example, if you add ?name=Samantha;age=24;eyes=blue to this URL you can see this in action. This string can be appended to a URL to pass parameter values on to another page.

Note: URLs built this way are typically restricted in length, typically to 2048 characters. If you need more space than this, you will need to use an HTML form and %QUERYPARAMS%.

Note:%<color>% text must end with %ENDCOLOR%. If you want to switch from one color to another one you first need to end the active color with %ENDCOLOR%, e.g. write %RED% some text %ENDCOLOR% %GREEN% more text %ENDCOLOR%.

SEARCH{"text"} -- search content

Search term. Is a keyword search, literal search, regular expression search, or query, depending on the type parameter. SearchHelp has more

required

search="text"

(Alternative to above)

N/A

web="Name"web="Main, Know"web="all"

Comma-separated list of webs to search. You can specifically exclude webs from an all search using a minus sign - for example, web="all,-Secretweb". The special word all means all webs that do not have the NOSEARCHALL variable set to on in their WebPreferences. Note that TWikiAccessControls are respected when searching webs; it is much better to use them than NOSEARCHALL.

Current web

topic="WebPreferences"topic="*Bug"

Limit search to topics: A topic, a topic with asterisk wildcards, or a list of topics separated by comma. Note this is a list of topic names and must not include web names.

All topics in a web

excludetopic="Web*"excludetopic="WebHome, WebChanges"

Exclude topics from search: A topic, a topic with asterisk wildcards, or a list of topics separated by comma. Note this is a list of topic names and must not include web names.

None

scope="topic"scope="text"scope="all"

Search topic name (title); the text (body) of topic; or all (title and body)

"text"

type="keyword"type="word"type="literal"type="regex"type="query"

Control how the search is performed when scope="text" or scope="all"keyword: use Google-like controls as in soap "web service" -shampoo; searches word parts: using the example, topics with "soapsuds" will be found as well, but topics with "shampoos" will be excluded word: identical to keyword but searches whole words: topics with "soapsuds" will not be found, and topics with "shampoos" will not be excluded literal: search for the exact string, like web serviceregex: use a RegularExpression search like soap;web service;!shampoo; to search on whole words use \bsoap\bquery: query search of form fields and other meta-data, like (Firstname='Emma' OR Firstname='John') AND Lastname='Peel'

Sort the results of search by the topic names, topic creation time, last modified time, last editor, or named field of TWikiForms. The sorting is done web by web; if you want to sort across webs, create a formatted table and sort it with TablePlugin's initsort. Note that dates are sorted most recent date last (i.e at the bottom of the table).

Sort by topic name

limit="all"limit="16"

Limit the number of results returned. This is done after sorting if order is specified

All results

date="..."

limits the results to those pages with latest edit time in the given time interval.

Expand variables before applying a FormattedSearch on a search hit. Useful to show the expanded text, e.g. to show the result of a SpreadSheetPlugin%CALC{}% instead of the formula

Raw text

multiple="on"

Multiple hits per topic. Each hit can be formatted. The last token is used in case of a regular expression ";" and search

Only one hit per topic

nofinalnewline="on"

If on, the search variable does not end in a line by itself. Any text continuing immediately after the search variable on the same line will be rendered as part of the table generated by the search, if appropriate.

off

recurse="on"

Recurse into subwebs, if subwebs are enabled.

off

separator=", "

Line separator between search hits

"$n" (Newline)

newline="%BR%"

Line separator within a search hit. Useful if you want to put multi-line content into a table cell, for example if the format="" parameter contains a $pattern() that captures more than one line, or contains a $formfield() that returns a multi-line textfield.

Note:%<color>% text must end with %ENDCOLOR%. If you want to switch from one color to another one you first need to end the active color with %ENDCOLOR%, e.g. write %RED% some text %ENDCOLOR% %GREEN% more text %ENDCOLOR%.

STARTINCLUDE -- start position of topic text if included

If present in included topic, start to include text from this location up to the end, or up to the location of the %STOPINCLUDE% variable. A normal view of the topic shows everything exept the %STARTINCLUDE% variable itself.

Note: If you want more than one part of the topic included, use %STARTSECTION{type="include"}% instead

STARTSECTION -- marks the start of a section within a topic

Section boundaries are defined with %STARTSECTION{}% and %ENDSECTION{}%.

Sections may be given a name to help identify them, and/or a type, which changes how they are used.

type="section" - the default, used for a generic section, such as a named section used by INCLUDE.

type="include" - like %STARTINCLUDE% ... %STOPINCLUDE% except that you can have as many include blocks as you want (%STARTINCLUDE% is restricted to only one).

type="templateonly" - start position of text to be removed when a template topic is used. Use this to embed text that you do not want expanded when a new topic based on the template topic is created. TWikiTemplates has more.

type="expandvariables" - start position where TWikiVariables get expanded when a new topic is created. Normally only certain variables get expanded when a new topic based on the template topic is created. All variables get expanded within a "expandvariables" section. TWikiTemplates has more.

Initial sorting direction for initsort, set to "up" (descending) or "down" (ascending).

unspecified

initdirection="up"

disableallsort

Disable all sorting, both initsort and header sort. This is mainly used by plugins such as the EditTablePlugin to disable sorting in a table while editing the table.

unspecified

disableallsort="on"

headerbg

Header cell background colour.

"#6b7f93"

headerbg="#999999"

headerbgsorted

Header cell background colour of a sorted column.

the value of headerbg

headerbgsorted="#32596c"

headercolor

Header cell text colour.

"#ffffff"

headercolor="#0000cc"

databg

Data cell background colour, a comma separated list. Specify "none" for no colour, that is to use the colour/background of the page the table is on.

"#edf4f9,#ffffff"

databg="#f2f2f2,#ffffff"

databgsorted

Data cell background colour of a sorted column; see databg.

the values of databg

databgsorted="#d4e8e4,#e5f5ea"

datacolor

Data cell text colour, a comma separated list.

unspecified

datacolor="#0000CC, #000000"

tableborder

Table border width (pixels).

"1"

tableborder="2"

tableframe

Table frame, set to "void" (no sides), "above" (the top side only), "below" (the bottom side only), "hsides" (the top and bottom sides only), "lhs" (the left-hand side only), "rhs" (the right-hand side only), "vsides" (the right and left sides only), "box" (all four sides), "border" (all four sides).

unspecified

tableframe="hsides"

tablerules

Table rules, set to "none" (no rules), "groups" (rules will appear between row groups and column groups only), "rows" (rules will appear between rows only), "cols" (rules will appear between columns only), "all" (rules will appear between all rows and columns).

unspecified

tablerules="rows"

cellpadding

Cell padding (pixels).

"0"

cellpadding="0"

cellspacing

Cell spacing (pixels).

"0"

cellspacing="3"

cellborder

Cell border width (pixels).

unspecified

cellborder="0"

valign

Vertical alignment of cells and headers, set to "top", "middle", "bottom" or "baseline".

unspecified

valign="top"

headervalign

Vertical alignment of header cells; overrides valign.

unspecified

headervalign="top"

datavalign

Vertical alignment of data cells; overrides valign.

unspecified

datavalign="top"

headeralign

Header cell alignment, one value for all columns, or a comma separated list for different alignment of individual columns. Set to "left", "center", "right" or "justify". Overrides individual cell settings.

unspecified

headeralign="left,right"

dataalign

Data cell alignment, one value for all columns, or a comma separated list for different alignment of individual columns. Set to "left", "center", "right" or "justify". Overrides individual cell settings.

Note:%<color>% text must end with %ENDCOLOR%. If you want to switch from one color to another one you first need to end the active color with %ENDCOLOR%, e.g. write %RED% some text %ENDCOLOR% %GREEN% more text %ENDCOLOR%.

TOC -- table of contents of current topic

Table of Contents. Shows a TOC that is generated automatically based on headings of the current topic. Headings in WikiSyntax ("---++ text") and HTML ("<h2>text</h2>") are taken into account. Any heading text after "!!" is excluded from the TOC; for example, write "---+!! text" if you do not want to list a header in the TOC

TOC{"Topic"} -- table of contents

Table of Contents. Shows a TOC that is generated automatically based on headings of a topic. Headings in WikiSyntax ("---++ text") and HTML ("<h2>text</h2>") are taken into account. Any heading text after "!!" is excluded from the TOC; for example, write "---+!! text" if you do not want to list a header in the TOC

TOPICLIST{"format"} -- topic index of a web

List of all topics in a web. The "format" defines the format of one topic item. It may include variables: The $topic variable gets expanded to the topic name, $marker to marker parameter where topic matches selection, and $web to the name of the web, or any of the standard FormatTokens.

Topic to get the title from. Can be of form TopicName or Web.TopicName.

Current topic

encode="html"

Encode special characters into HTML entities. If a TOPICTITLE is passed into an HTML form field it should be encoded as "html". Additional encodings: encode="quote", encode="moderate", encode="safe", encode="entity" and encode="url". See ENCODE for details.

"" (no encoding)

Example: %TOPICTITLE{Projects.SushiProject}% returns Sushi Project assuming the topic has a form field named "Title" with value "Sushi Project"

IMPORTANT: There is a risk that this variable can be misused for cross-site scripting (XSS) if the encoding is turned off. The encode="safe" is the default, it provides a safe middle ground. The encode="entity" is more aggressive, but some TWiki applications might not work.

Watch out for TWiki internal parameters, such as rev, skin, template, topic, web; they have a special meaning in TWiki. Common parameters and view script specific parameters are documented at TWikiScripts.

If you have %URLPARAM{ in the value of a URL parameter, it will be modified to %<nop>URLPARAM{. This is to prevent an infinite loop during expansion.

Note: The parameter should be the wikiname of a user. Since TWiki 4.2.1, you can also pass a login name. You can only get information about another user if the {AntiSpam}{HideUserDetails} configuration option is not enabled, or if you are an admin. (User details are hidden in this TWiki)

WEBLIST{"format"} -- index of all webs

List of all webs. Obfusticated webs are excluded, e.g. webs with a NOSEARCHALL = on preference variable. The "format" defines the format of one web item. The $name variable gets expanded to the name of the web, $qname gets expanded to double quoted name, $marker to marker where web matches selection.

Format of one line, may include $name (the name of the web), $qname (the name of the web in double quotes), $indentedname (the name of the web with parent web names replaced by indents, for use in indented lists), and $marker (which expands to marker for the item matching selection only)

"$name"

format="format"

(Alternative to above)

"$name"

separator=", "

Line separator

"$n" (new line)

web=""

if you specify $web in format, it will be replaced with this

""

webs="public"

Comma separated list of webs, public expands to all non-hidden.NOTE: Administrators will see all webs, not just the public ones

Note:%<color>% text must end with %ENDCOLOR%. If you want to switch from one color to another one you first need to end the active color with %ENDCOLOR%, e.g. write %RED% some text %ENDCOLOR% %GREEN% more text %ENDCOLOR%.

Note:%<color>% text must end with %ENDCOLOR%. If you want to switch from one color to another one you first need to end the active color with %ENDCOLOR%, e.g. write %RED% some text %ENDCOLOR% %GREEN% more text %ENDCOLOR%.

TWiki Formatted Search

Inline search feature allows flexible formatting of search result

The default output format of a %SEARCH{...}% is a table consisting of topic names and topic summaries. Use the format="..." parameter to customize the search result. The format parameter typically defines a bullet or a table row containing variables, such as %SEARCH{ "food" format="| $topic | $summary |" }%. See %SEARCH{...}% for other search parameters, such as separator="".

Syntax

Two parameters can be used to specify a customized search result:

1. header="..." parameter

Use the header parameter to specify the header of a search result. It should correspond to the format of the format parameter. This parameter is optional. Example: header="| *Topic:* | *Summary:* |"

Formatted topic text. In case of a multiple="on" search, it is the line found for each search hit.

$locked

LOCKED flag (if any)

$date

Time stamp of last topic update, e.g. 07 Jun 2020 - 10:26

$isodate

Time stamp of last topic update, e.g. 2020-06-07T10:26Z

$rev

Number of last topic revision, e.g. 4

$username

Login name of last topic update, e.g. jsmith

$wikiname

Wiki user name of last topic update, e.g. JohnSmith

$wikiusername

Wiki user name of last topic update, like Main.JohnSmith

$createdate

Time stamp of topic revision 1

$createusername

Login name of topic revision 1, e.g. jsmith

$createwikiname

Wiki user name of topic revision 1, e.g. JohnSmith

$createwikiusername

Wiki user name of topic revision 1, e.g. Main.JohnSmith

$summary

Topic summary, just the plain text, all formatting and line breaks removed; up to 162 characters

$summary(50)

Topic summary, up to 50 characters shown

$summary(showvarnames)

Topic summary, with %ALLTWIKI{...}% variables shown as ALLTWIKI{...}

$summary(noheader)

Topic summary, with leading ---+ headers removedNote: The tokens can be combined, for example $summary(100, showvarnames, noheader)

$changes

Summary of changes between latest rev and previous rev

$changes(n)

Summary of changes between latest rev and rev n

$formname

The name of the form attached to the topic; empty if none

$formfield(name)

The field value of a form field; for example, $formfield(TopicClassification) would get expanded to PublicFAQ. This applies only to topics that have a TWikiForm

$formfield(name, 10)

Form field value, "- " hyphenated each 10 characters

$formfield(name, 20, -<br />)

Form field value, hyphenated each 20 characters with separator "-<br />"

$formfield(name, 30, ...)

Form field value, shortended to 30 characters with "..." indication

$pattern(reg-exp)

A regular expression pattern to extract some text from a topic (does not search meta data; use $formfield instead). In case of a multiple="on" search, the pattern is applied to the line found in each search hit.• Specify a RegularExpression that covers the whole text (topic or line), which typically starts with .*, and must end in .*• Put text you want to keep in parenthesis, like $pattern(.*?(from here.*?to here).*)• Example: $pattern(.*?\*.*?Email\:\s*([^\n\r]+).*) extracts the e-mail address from a bullet of format * Email: ...• This example has non-greedy .*? patterns to scan for the first occurance of the Email bullet; use greedy .* patterns to scan for the last occurance • Limitation: Do not use .*) inside the pattern, e.g. $pattern(.*foo(.*)bar.*) does not work, but $pattern(.*foo(.*?)bar.*) does • Note: Make sure that the integrity of a web page is not compromised; for example, if you include an HTML table make sure to include everything including the table end tag

$count(reg-exp)

Count of number of times a regular expression pattern appears in the text of a topic (does not search meta data). Follows guidelines for use and limitations outlined above under $pattern(reg-exp). Example: $count(.*?(---[+][+][+][+]) .*) counts the number of <H4> headers in a page.

$ntopics

Number of topics found in current web. This is the current topic count, not the total number of topics

$nhits

Number of hits if multiple="on". Cumulative across all topics in current web. Identical to $ntopics unless multiple="on"

$n or $n()

New line. Use $n() if followed by alphanumeric character, e.g. write Foo$n()Bar instead of Foo$nBar

$nop or $nop()

Is a "no operation". This variable gets removed; useful for nested search

Everybody can edit any page, this is scary. Doesn't that lead to chaos? Answer...

Nested Search

Search can be nested. For example, search for some topics, then form a new search for each topic found in the first search. The idea is to build the nested search string using a formatted search in the first search.

Here is an example. Let's search for all topics that contain the word "culture" (first search), and let's find out where each topic found is linked from (second search).

Now let's nest the two. We need to escape the second search, e.g. the first search will build a valid second search string. Note that we escape the second search so that it does not get evaluated prematurely by the first search:

Note: Nested search can be slow, especially if you nest more then 3 times. Nesting is limited to 16 levels. For each new nesting level you need to "escape the escapes", e.g. write $dollarpercntSEARCH{ for level three, $dollardollarpercntSEARCH{ for level four, etc.

Search with conditional output

A regular expression search is flexible, but there are limitations. For example, you cannot show all topics that are up to exactly one week old, or create a report that shows all records with invalid form fields or fields within a certain range, etc. You need some additional logic to format output based on a condition:

Specify a search which returns more hits then you need

For each search hit apply a spreadsheet formula to determine if the hit is needed

File Attachments

Each topic can have one or more files of any type attached to it by using the Attach screen to upload (or download) files from your local PC. Attachments are stored under revision control: uploads are automatically backed up; all previous versions of a modified file can be retrieved.

What Are Attachments Good For?

File Attachments can be used to archive data, or to create powerful customized groupware solutions, like file sharing and document management systems, and quick Web page authoring.

Document Management System

You can use Attachments to store and retrieve documents (in any format, with associated graphics, and other media files); attach documents to specific TWiki topics; collaborate on documents with full revision control; distribute documents on a need-to-know basis using web and topic-level access control; create a central reference library that's easy to share with an user group spread around the world.

File Sharing

For file sharing, FileAttachments on a series of topics can be used to quickly create a well-documented, categorized digital download center for all types of files: documents; graphics and other media; drivers and patches; applications; anything you can safely upload!

Web Authoring

Through your Web browser, you can easily upload graphics (or sound files, or anything else you want to link to on a page) and place them on a single page, or use them across a web, or site-wide.

NOTE: You can also add graphics - any files - directly, typically by FTP upload. This requires FTP access, and may be more convenient if you have a large number of files to load. FTP-ed files can't be managed using browser-based Attachment controls. You can use your browser to create TWikiVariables shortcuts, like this %H% = .

Uploading Files

Click on the Attach link at the bottom of the page. The Attach screen lets you browse for a file, add a comment, and upload it. The uploaded file will show up in the File Attachment table.

NOTE: The topic must already exist. It is a two step process if you want to attach a file to a non-existing topic; first create the topic, then add the file attachment.

Any type of file can be uploaded. Some files that might pose a security risk are renamed, ex: *.php files are renamed to *.php.txt so that no one can place code that would be read in a .php file.

The previous upload path is retained for convenience. In case you make some changes to the local file and want to upload it, again you can copy the previous upload path into the Local file field.

TWiki can limit the file size. This is defined by the %ATTACHFILESIZELIMIT% variable of the TWikiPreferences, currently set at 10000 KB.

It's not recommended to upload files greater than a few hundred K through a browser. Large files can be extremely slow-loading, and often time out. Use an FTP site for large file uploads.

Automatic attachments:

When enabled, all files in a topic's attachment directory are shown as attachments to the topic - even if they were directly copied to the directory and never attached by using an 'Attach' link. This is a convenient way to quickly "attach" files to a topic without uploading them one by one; although at the cost of losing audit trail and version control.

To enable this feature, set the {AutoAttachPubFiles} configuration option.

NOTE: The automatic attachment feature can only be used by an administrator who has access to the server's file system.

Properties

The first table is a list of all attachments, including their attributes. An h means the attachment is hidden, it isn't listed when viewing a topic.

The second table is all the versions of the attachment. Click on View to see that version. If it's the most recent version, you'll be taken to an URL that always displays the latest version, which is usually what you want.

To change the comment on an attachment, enter a new comment and then click Change properties. Note that the comment listed against the specific version will not change, however the comment displayed when viewing the topic does change.

To hide/unhide an attachment, enable the Hide file checkbox, then click Change properties.

Known Issues

Unlike topics, attachments are not locked during editing. As a workaround, you can change the comment to indicate an attachment file is being worked on - the comment on the specific version isn't lost, it's there when you list all versions of the attachment.

Attachments are not secured. Anyone can read them if they know the name of the web, topic and attachment.

TWiki Forms

Add structure to content with forms attached to twiki topics. TWiki forms (with form fields) and formatted search are the base for building database applications.

Overview

By adding form-based input to freeform content, you can structure topics with unlimited, easily searchable categories. A form is enabled for a web and can be added to a topic. The form data is shown in tabular format when the topic is viewed, and can be changed in edit mode using edit fields, radio buttons, check boxes and list boxes. Many different form types can be defined in a web, though a topic can only have one form attached to it at a time.

When used in the value field of the form definition, this will find all topic names in the Main web which end in "Office" and use them as the legal field values.

Enabling Forms by Web

Forms have to be enabled for each individual web. The WEBFORMS variable in WebPreferences is optional and defines a list of possible form templates.

Example:

Set WEBFORMS = BugForm, FeatureForm, Books.BookLoanForm

With WEBFORMS enabled, an extra button is added to the edit view. If the topic doesn't have a Form, an Add Form button appears at the end of the topic. If a Form is present, a Change button appears in the top row of the Form. The buttons open a screen that enables selection of a form specified in WEBFORMS, or the No form option.

You have to list the available form topics explicitly. You cannot use a SEARCH to define WEBFORMS.

Adding a form to a topic

Edit the topic and follow the "Add form" button to add a Form. This is typically done to a template topic, either to the WebTopicEditTemplate topic in a web, or a new topic that serves as an application specific template topic. Initial Form values can be set there.

Additionally a new topic can be given a Form using the formtemplate parameter in the (edit or save) URL. Initial values can then be provided in the URLs or as form values:

other than checkboxes: name, ex: ?BugPriority=1

checkbox: namevalue=1, ex: ?ColorRed=1. Boxes with a tick must be specified.

Example: This will add a textfield for the new topic name and a "Create"-Button to your topic. When the button is pressed, the topic editor will open with the form "MyForm" already attached to the new topic.

Note: You can create a topic in one step, without going through the edit screen. To do that, specify the save script instead of the edit script in the form action. When you specify the save script you have to use the "post" method. Example:

Note: Initial values will not be set in the form of a new topic if you only use the formtemplate parameter.

Changing a form

You can change a form definition, and TWiki will try to make sure you don't lose any data from the topics that use that form.

If you change the form definition, the changes will not take affect in a topic that uses that form until you edit and save it.

If you add a new field to the form, then it will appear next time you edit a topic that uses the form.

If you delete a field from the form, or change a field name, then the data will not be visible when you edit the topic (the changed form definition will be used). If you save the topic, the old data will be lost (though thanks to revision control, you can always see it in older versions of the topic)

If two people edit the same topic containing a form at exactly the same time, and both change fields in the form, TWiki will try to merge the changes so that no data is lost.

Structure of a Form Template

A Form Template specifies the fields in a form. A Form Template is simply a page containing a TWiki table, where each row of the table specifies one form field.

Each column of the table is one element of an entry field: Name, Type, Size, Values, Tooltip message, and Attributes.

The Name, Type and Size columns are required. Other columns are optional. The form must have a header row (e.g. | *Name* | *Type* | *Size* |).

Name is the name of the form field.

The Type, Size and Value fields describe the legal values for this field, and how to display them.

Typecheckbox specifies one or more checkboxes. The Size field specifies how many checkboxes will be displayed on each line. The Value field should be a comma-separated list of item labels.

Typecheckbox+buttons will add Set and Clear buttons to the basic checkbox type.

Typeradio is like checkbox except that radio buttons are mutually exclusive; only one can be selected.

Typelabel specifies read-only label text. The Value field should contain the text of the label.

Typeselect specifies a select box. The Value field should contain a comma-separated list of options for the box. The Size field can specify a fixed size for the box (e.g. 1, or a range e.g. 3..10. If you specify a range, then the box will never be smaller than 3 items, never larger than 10, and will be 5 high if there are only 5 options.

There are two modifiers that can be applied to the select type:

select+multi turns multiselect on for the select, to allow Shift+Click and Ctrl+Click to select (or deselect) multiple items.

select+values allows the definition of values that are different to the displayed text. For example:

shows but the values or options Two and Three are 2 and III respectively. You can combine these modifiers e.g. select+multi+values

Typetext specifies a one-line text field. Size specifies the text box width in number of characters. Value is the initial (default) content when a new topic is created with this form template.

Typetextarea specifies a multi-line text box. The Size field should specify columns x rows, e.g. 80x6; default size is 40x5. As for text, the Value field specifies the initial text

Typedate specifies a single-line text box and a button next to it; clicking on the button will bring up a calendar from which the user can select a date. The date can also be typed into the text box. Size specifies the text box width in characters. As for text, the Value field specifies the initial text

Tooltip message is a message that will be displayed when the cursor is hovered over the field in edit view.

Attributes specifies special attributes for the field. Multiple attributes can be entered, separated by spaces.

An attribute H indicates that this field should not be shown in view mode. However, the field is available for editing and storing information.

An attribute M indicates that this field is mandatory. The topic cannot be saved unless a value is provided for this field. If the field is found empty during topic save, an error is raised and the user is redirected to an oops page. Mandatory fields are indicated by an asterisks next to the field name.

For example, a simple form just supporting entry of a name and a date would look as follows:

A very few field names are reserved. If you try to use one of these names, TWiki will automatically append an underscore to the name when the form is used.

You can space out the title of the field, and it will still find the topic e.g. Aeroplane Manufacturers is equivalent to AeroplaneManufacturers.

If a label field has no name, it will not be shown when the form is viewed, only when it is edited.

Field names can in theory include any text, but you should stick to alphanumeric characters. If you want to use a non-wikiname for a select, checkbox or radio field, and want to get the values from another topic, you can use [[...]] links. This notation can also be used when referencing another topic to obtain field values, but a name other than the topic name is required as the name of the field.

Leading and trailing spaces are not significant.

Field Value Notes:

The field value will be used to initialize a field when a form is created, unless specific values are given by the topic template or query parameters. The first item in the list for a select or radio type is the default item. For label, text, and textarea fields the value may also contain commas. checkbox fields cannot be initialized through the form template.

Leading and trailing spaces are not significant.

Field values can also be generated through a FormattedSearch, which must yield a suitable table as the result.

Variables in the initial values of a form definition get expanded when the form definition is loaded.

If you want to use a | character in the initial values field, you have to precede it with a backslash, thus: \|.

You can use <nop> to prevent TWiki variables from being expanded.

The FormatTokens can be used to prevent expansion of other characters.

General Notes:

The topic definition is not read when a topic is viewed.

Form definition topics can be protected in the usual manner, using TWikiAccessControl, to limit who can change the form template and/or individual value lists. Note that view access is required to be able to edit topics that use the form definition, though view access to the form definition is not required to view a topic where the form has been used.

Values in Other Topics

As described above, you can also retrieve possible values for select, checkbox or radio types from other topics. For example, if you have a rows defined like this:

| *Name* | *Type* | *Size* |
| AeroplaneManufacturers | select | |

the TWiki will look for the topic AeroplaneManufacturers to get the possible values for the select.

The AeroplaneManufacturers topic must contain a table, where each row of the table describes a possible value. The table only requires one column, Name. Other columns may be present, but are ignored.

For example:

| *Name* |
| Routan |
| Focke-Wulf |
| De Havilland |

Notes:

The Values column must be empty in the referring form definition.

Extending the range of form data types

You can extend the range of data types accepted by forms by using TWikiPlugins. All such extended data types are single-valued (can only have one value) with the following exceptions:

any type name starting with checkbox

any type name with +multi anywhere in the name

Types with names like this can both take multiple values.

Hints and Tips

Build an HTML form to create new Form-based topics

New topics with a form are created by simple HTML forms asking for a topic name. For example, you can have a SubmitExpenseReport topic where you can create new expense reports, a SubmitVacationRequest topic, and so on. These can specify the required template topic with its associated form. Template topics has more.

A Form Template specifies the fields in a form. A Form Template is simply a page containing a TWiki table, where each row of the table specifies one form field.

Searching forms this way is obviously pretty inefficient, but it's easy to do. If you want better performance, take a look at some of the structured wiki extensions that support higher performance searching e.g. TWiki:Plugins.DBCachePlugin.

Gotcha!

Some browsers may strip linefeeds from text fields when a topic is saved. If you need linefeeds in a field, make sure it is a textarea.

Master Templates

TWiki uses master templates when composing the output from all actions, like topic view, edit, and preview.
This allows you to change the look and feel of all pages by editing just a few template files.

Master templates are stored as text files with the extension .tmpl.
They are usually HTML with embedded template directives.
The directives are expanded when TWiki wants to generate a user interface screen.

How Template Directives Work

Directives are of the form %TMPL:<key>% and %TMPL:<key>{"attr"}%.

Directives:

%TMPL:INCLUDE{"file"}%: Includes a template file. The file is found as described below.

%TMPL:DEF{"block"}%: Define a block. All text between this and the next %TMPL:END% directive is removed and saved for later use with %TMPL:P.

%TMPL:END%: Ends a block definition.

%TMPL:P{"var"}%: Includes a previously defined block.

%{...}%: is a comment.

Two-pass processing lets you use a variable before or after declaring it.

Templates and TWikiSkins work transparently and interchangeably. For example, you can create a skin that overloads only the twiki.tmpl master template, like twiki.print.tmpl, that redefines the header and footer.

Use of template directives is optional: templates work without them.

NOTE: Template directives work only for templates: they do not get processed in normal topic text.

TMPL:P also supports simple parameters. For example, given the definition
%TMPL:DEF{"x"}% x%P%z%TMPL:END% then %TMPL:P{"x" P="y"}% will expand to xyz.

Note that parameters can simply be ignored; for example, %TMPL:P{"x"}% will expand to x%P%z.

Any alphanumeric characters can be used in parameter names.
You are highly recommended to use parameter names that cannot be confused with TWikiVariables.

Note that three parameter names, context, then and else are reserved.
They are used to support a limited form of "if" condition that you can use to select which of two templates to use, based on a context identifier:

When the "inactive" context is set, then this will expand the "link_inactive" template; otherwise it will expand the "link_active" template.
See IfStatements for details of supported context identifiers.

Finding Templates

The master templates shipped with a twiki release are stored in the twiki/templates directory.
As an example, twiki/templates/view.tmpl is the default template file for the twiki/bin/view script.

You can save templates in other directories as long as they are listed in the {TemplatePath} configuration setting.
The {TemplatePath} is defined in the Miscellaneous section of the configure page.

You can also save templates in user topics (IF there is no possible template match in the templates directory).
The {TemplatePath} configuration setting defines which topics will be accepted as templates.

Templates that are included with an explicit '.tmpl' extension are looked for only in the templates/ directory.
For instance %TMPL:INCLUDE{"example.tmpl"}% will only return templates/example.tmpl, regardless of {TemplatePath} and SKIN settings.

The out-of-the-box setting of {TemplatePath} supports the following search order to determine which template file or topic to use for a particular script or %TMPL:INCLUDE{"script"}% statement.
The skin path is set as described in TWikiSkins.

templates/web/script.skin.tmpl for each skin on the skin path

this usage is supported for compatibility only and is deprecated. Store web-specific templates in TWiki topics instead.

templates/script.skin.tmpl for each skin on the skin path

templates/web/script.tmpl

this usage is supported for compatibility only and is deprecated. Store web-specific templates in TWiki topics instead.

templates/script.tmpl

The TWiki topic aweb.atopic if the template name can be parsed into aweb.atopic

The TWiki topic web.SkinSkinScriptTemplate for each skin on the skin path

The TWiki topic web.ScriptTemplate

The TWiki topic %SYSTEMWEB%.SkinSkinScriptTemplate for each skin on the skin path

The TWiki topic %SYSTEMWEB%.ScriptTemplate

Legend:

script refers to the script name, e.g view, edit

Script refers to the same, but with the first character capitalized, e.g View

skin refers to a skin name, e.g dragon, pattern. All skins are checked at each stage, in the order they appear in the skin path.

Skin refers to the same, but with the first character capitalized, e.g Dragon

web refers to the current web

For example, the example template file will be searched for in the following places, when the current web is Thisweb and the skin path is print,pattern:

templates/Thisweb/example.print.tmpldeprecated; don't rely on it

templates/Thisweb/example.pattern.tmpldeprecated; don't rely on it

templates/example.print.tmpl

templates/example.pattern.tmpl

templates/Thisweb/example.tmpldeprecated; don't rely on it

templates/example.tmpl

Thisweb.PrintSkinExampleTemplate

Thisweb.PatternSkinExampleTemplate

Thisweb.ExampleTemplate

TWiki.PrintSkinExampleTemplate

TWiki.PatternSkinExampleTemplate

TWiki.ExampleTemplate

Template names are usually derived from the name of the currently executing script; however it is also possible to override these settings in the view and edit scripts, for example when a topic-specific template is required. Two preference variables can be used to override the templates used:

TMPL:INCLUDE recursion for piecewise customisation, or mixing in new features

If there is recursion in the TMPL:INCLUDE chain (eg twiki.classic.tmpl contains %TMPL:INCLUDE{"twiki"}%, the templating system will include the next twiki.SKIN in the skin path.
For example, to create a customisation of pattern skin, where you only want to over-ride the breadcrumbs for the view script, you can create only a view.yourlocal.tmpl:

The default {TemplatePath} will not give you the desired result if you put these statements in the topic Thisweb.YourlocalSkinViewTemplate. The default {TemplatePath} will resolve the request to the template/view.pattern.tmpl, before it gets to the Thisweb.YourlocalSkinViewTemplate resolution. You can make it work by prefixing the {TemplatePath} with: $web.YourlocalSkin$nameTemplate.

Default master template

twiki.tmpl is the default master template. It defines the following sections.

User name of user who is instantiating the new tpoic, e.g. Main.TWikiGuest

2. Preventing variable expansion

In a template topic, embed text that you do not want expanded inside a %STARTSECTION{type="templateonly"}% ... %ENDSECTION{type="templateonly"}% section. For example, you might want to write this in the template topic:

%STARTSECTION{type="templateonly"}%
This template can only be changed by:
* Set ALLOWTOPICCHANGE = Main.TWikiAdminGroup
%ENDSECTION{type="templateonly"}%

This will restrict who can edit the template topic, but will be removed when a new topic based on that template topic is created.

%NOP% can be used to prevent expansion of TWiki variables that would otherwise be expanded during topic creation. For example, escape %SERVERTIME% with %SER%NOP%VERTIME%.

3. Control over variable expansion

You can forcefully expand TWikiVariables by placing them inside a type="expandvariables" section in the template topic, such as:

Specifying a Form

When you create a new topic based on a template, you often want the new topic to have a form attached to it. You can attach a form to the template topic, in which case it will be copied into the new topic.

Sometimes this isn't quite what you want, as it copies all the existing data from the template topic into the new topic. To avoid this and use the default values specified in the form definition instead, you can use the formtemplate CGI parameter to the edit script to specify the name of a form to attach.

See TWikiScripts for information about all the other parameters to edit.

Automatically Generated Topic Names

For TWiki applications it is useful to be able to automatically generate unique topicnames, such as BugID0001, BugID0002, etc. You can add AUTOINC<n> to the topic name in the edit and save scripts, and it will be replaced with an auto-incremented number on topic save. <n> is a number starting from 0, and may include leading zeros. Leading zeros are used to zero-pad numbers so that auto-incremented topic names can sort properly. Deleted topics are not re-used to ensure uniqueness of topic names. That is, the auto-incremented number is always higher than the existing ones, even if there are gaps in the number sequence.

Note: You can create a topic in one step, without going through the edit screen. To do that, specify the save script instead of the edit script in the form action. When you specify the save script you have to use the "post" method. Example:

TIP: You can use the %WIKIUSERNAME% and %DATE% variables in your topic templates to include the signature of the person creating a new topic. The variables are expanded into fixed text when a new topic is created. The standard signature is: -- %WIKIUSERNAME% - %DATE%

Using Absolute vs Relative URLs in Templates

When you use TWikiVariables such as %PUBURL% and %PUBURLPATH% in templates you should be aware that using %PUBURL% instead of %PUBURLPATH% puts absolute URLs in the produced HTML. This means that when a user saves a TWiki page in HTML and emails the file to someone outside a company firewall, the receiver has a severe problem viewing it. It is therefore recommended always to use the %PUBURLPATH% to refer to images, CSS, Javascript files etc so links become relative. This way browsers just give up right away and show a usable html file.

TWiki Skins

Skins overlay regular templates to give different looks and feels to TWiki screens.

Overview

TWiki uses TWikiTemplates files as the basis of all the screens it uses to interact with users. Each screen has an associated template file that contains the basic layout of the screen. This is then filled in by the code to generate what you see in the browser.

TWiki ships with a default set of template files that give a very basic, CSS-themable, look-and-feel. TWiki also includes support for skins that can be selected to give different, more sophisticated, look and feels. A default TWiki installation will usually start up with the PatternSkin already selected. Skins may also be defined by third parties and loaded into a TWiki installation to give more options. To see how TWiki looks when no skin is selected, view this topic with a non-existant skin.

Topic text is not affected by the choice of skin, though a skin can be defined to use a CSS (Cascading Style Sheet), which can sometimes give a radically different appearance to the text.

Changing the default TWiki skin

TWiki default ships with the skin PatternSkin activated. You can set the skin for the whole site, a single web or topic, or for each user individually, by setting the SKIN variable to the name of a skin. If the skin you select doesn't exist, then TWiki will pick up the default templates.

Defining Skins

You may want to define your own skin, for example to comply with corporate web guidelines, or because you have a aesthetic vision that you want to share. There are a couple of places you an start doing this.

The TWikiTemplates files used for skins are located in the twiki/templates directory and are named according to the skin: <scriptname>.<skin>.tmpl. Skin files may also be defined in TWiki topics - see TWikiTemplates for details.

To start creating a new skin, copy the default TWikiTemplates (like view.tmpl), or copy an existing skin to use as a base for your own skin. You should only need to copy the files you intend to customise, as TWiki can be configured to fall back to another skin if a template is not defined in your skin. Name the files as described above (for example view.myskin.tmpl.

For your own TWiki skin you are encouraged to show a small 80x31 pixel logo at the bottom of your skin:

<a href="http://twiki.org/"><img src="%PUBURL%/%SYSTEMWEB%/TWikiLogos/T-logo-80x15.gif" alt="This site is powered by the TWiki collaboration platform" width="80" height="15" title="This site is powered by the TWiki collaboration platform" border="0" /></a>

The standard TWiki skins show the logo in the %WEBCOPYRIGHT% variable.

The following template files are used for TWiki screens, and are referenced in the TWiki core code. If a skin doesn't define its own version of a template file, then TWiki will fall back to the next skin in the skin path, or finally, to the default version of the template file.

(Certain template files are expected to provide certain TMPL:DEFs - these are listed in sub-bullets)

addform - used to select a new form for a topic

attachagain - used when refreshing an existing attachment

attachnew - used when attaching a new file to a topic

attachtables - defines the format of attachments at the bottom of the standard topic view

oopslanguagechanged - used to confirm a new language when internationalisation is enabled

oopsleaseconflict - used to format lease Conflict messages

lease_active, lease_old

preview - used for previewing edited topics before saving

rdiff - used for viewing topic differences

registernotify - used by the user registration system

registernotifyadmin - used by the user registration system

rename - used when renaming a topic

renameconfirm - used when renaming a topic

renamedelete - used when renaming a topic

renameweb - used when renaming a web

renamewebconfirm - used when renaming a web

renamewebdelete - used when renaming a web

searchbookview - used to format inline search results in book view

searchformat - used to format inline search results

search - used by the search CGI script

settings

view - used by the view CGI script

viewprint - used to create the printable view

twiki.tmpl is a master template conventionally used by other templates, but not used directly by code.

Note: Make sure templates do not end with a newline. Any newline will expand to an empty <p /> in the generated html. It will produce invalid html, and may break the page layout.

Partial customisation, or adding in new features to an existing skin

You can use recusion in the TMPL:INCLUDE chain (eg twiki.classic.tmpl contains %TMPL:INCLUDE{"twiki"}%, the templating system will include the next twiki.SKIN in the skin path.
For example, to create a customisation of pattern skin, where you only want to remove the edit & WYSIWYG buttons from view page, you create only a view.yourlocal.tmpl:

Because ClassicSkin and the default templates use the same Template definition names, you can over-ride the edit links in them (or any skin derived from them) using the same view.yourlocal.tmpl (just set SKIN=yourlocal,classic either in TWikiPreferences for globally, or a Web's Webname.WebPreferences for a particular web)

Broadcast message at the beginning of your view template, can be used to alert users of scheduled downtimes; can be set in TWikiPreferences

The "Go" Box and Navigation Box

The default skins include a "Go" box, also called "Jump" box, to jump to a topic.

The box also understands URLs, e.g. you can type http://www.google.com/ to jump to an external web site. The feature is handy if you build a skin that has a select box of frequently used links, like Intranet home, employee database, sales database and such. A little JavaScript gets into action on the onchange method of the select tag to fill the selected URL into the "Go" box field, then submits the form.

Here is an example form that has a select box and the "Go" box for illustration purposes. You need to have JavaScript enabled for this to work:

Bare bones header, for demo only

Navigate:

Jump:

Note: Redirect to a URL only works if it is enabled in configure (Miscellaneous, {AllowRedirectUrl}).

Using Cascading Style Sheets

CSS files are gererally attachments to the skin topic that are included in the the skin templates - in the case of PatternSkin in the template styles.pattern.tmpl.

Attachment Tables

Controlling the look and feel of attachment tables is a little bit more complex than for the rest of a skin. By default, the attachment table is a standard TWiki table, and the look is controlled in the same way as other tables. In a very few cases you may want to change the content of the table as well.

The format of standard attachment tables is defined through the use of special TWiki template macros which by default, are defined in the attachtables.tmpl template using the %TMPL:DEF macro syntax described in TWikiTemplates. These macros are:

Packaging and Publishing Skins

Browsing Installed Skins

Activating Skins

TWiki uses a skin search path, which lets you combine skins additively. The skin path is defined using a combination of TWikiVariables and URL parameters.

TWiki works by asking for a template for a particular function - for example, 'view'. The detail of how templates are searched for is described in TWikiTemplates, but in summary, the templates directory is searched for a file called view.skin.tmpl, where skin is the name of the skin e.g. pattern. If no template is found, then the fallback is to use view.tmpl. Each skin on the path is searched for in turn. For example, if you have set the skin path to local,pattern then view.local.tmpl will be searched for first, then view.pattern.tmpl and finally view.tmpl.

The basic skin is defined by a SKIN setting:

Set SKIN = catskin, bearskin

You can also add a parameter to the URL, such as ?skin=catskin,bearskin:

Setting SKIN (or the ?skin parameter in the URL) replaces the existing skin path setting, for the current page only. You can also extend the existing skin path as well, using covers.

Set COVER = ruskin

This pushes a different skin to the front of the skin search path (so for our example above, that final skin path will be ruskin, catskin, bearskin). There is also an equivalent cover URL parameter. The difference between setting SKIN vs. COVER is that if the chosen template is not found (e.g., for included templates), SKIN will fall back onto the next skin in line, or the default skin, if only one skin was present, while COVER will always fall back onto the current skin.

An example would be invoking the printable mode, which is achieved by applying ?cover=print. The view.print.tmpl simply invokes the viewprint template for the current skin which then can appropriately include all other used templates for the current skin. Where the printable mode be applied by using SKIN, all skins would have the same printable appearance.

The full skin path is built up as follows: SKIN setting (or ?skin if it is set), then COVER setting is added, then ?cover.

Hard-Coded Skins

The text skin is reserved for TWiki internal use.

Skin names starting with rss also have a special meaning; if one or more of the skins in the skin path starts with 'rss' then 8-bit characters will be encoded as XML entities in the output, and the content-type header will be forced to text/xml.

TWiki Meta Data

Additional topic data, program-generated or from TWikiForms, is stored embedded in the topic text using META: tags

Overview

By default, TWiki stores topics in files on disk, in a really simple and obvious directory structure. The big advantage of this approach is that it makes it really easy to manipulate topics from outside TWiki, and is also very safe; there are no complex binary indexes to maintain, and moving a topic from one TWiki to another is as simple as copying a couple of text files.

To keep eveything together in one place, TWiki uses a simple method for embedding additional data (program-generated or from TWikiForms) in topics. It does this using META: tags.

Meta Data Syntax

Format is the same as in TWikiVariables, except all fields have a key.

%META:<type>{key1="value1" key2="value2" ...}%

Order of fields within the meta variables is not defined, except that if there is a field with key name, this appears first for easier searching (note the order of the variables themselves is defined).

Each meta variable is on one line.

Values in meta-data are URL encoded so that characters such as \n can be stored.

META:TOPICMOVED

This is optional, exists if topic has ever been moved. If a topic is moved more than once, only the most recent META:TOPICMOVED meta variable exists in the topic, older ones are to be found in the rcs history.

META:TOPICPARENT

The topic from which this was created, typically when clicking on a ? questionmark link, or by filling out a form. Normally just TopicName, but it can be a full Web.TopicName format if the parent is in a different Web.

Recommended Sequence

There is no absolute need for Meta Data variables to be listed in a specific order within a topic, but it makes sense to do so a couple of good reasons:

form fields remain in the order they are defined

the diff function output appears in a logical order

The recommended sequence is:

META:TOPICINFO

META:TOPICPARENT (optional)

text of topic

META:TOPICMOVED (optional)

META:FILEATTACHMENT (0 or more entries)

META:FORM (optional)

META:FIELD (0 or more entries; FORM required)

Viewing Meta Data in Page Source

When viewing a topic the Raw Text link can be clicked to show the text of a topic (i.e., as seen when editing). This is done by adding raw=on to URL. raw=debug shows the meta data as well as the topic data, ex: debug view for this topic

Rendering Meta Data

Meta Data is rendered with the %META% variable. This is mostly used in the view, preview and edit scripts.

You can render form fields in topic text by using the FORMFIELD variable. Example:%FORMFIELD{"TopicClassification"}%
For details, see VarFORMFIELD.

Show form field value. Parameter: name="field_name". Example:%META{ "formfield" name="TopicClassification" }%

%META{"attachments"}%

Show attachments, except for hidden ones. Options: all="on": Show all attachments, including hidden ones.

%META{"moved"}%

Details of any topic moves.

%META{"parent"}%

Show topic parent. Options: dontrecurse="on": By default recurses up tree, at some cost. nowebhome="on": Suppress WebHome. prefix="...": Prefix for parents, only if there are parents, default "". suffix="...": Suffix, only appears if there are parents, default "". separator="...": Separator between parents, default is " > ".

TWiki Add-Ons

Add functionality to TWiki with extensions not based on the TWiki scripts.

Overview

An add-on runs separately from the TWiki scripts, e.g. for data import, export to static HTML, etc. Add-Ons normally do not call any TWiki code directly, though may invoke TWiki scripts. There are different types of add-ons, they may be stand alone scripts, browser plugins, office tool extensions, or even a set of TWiki topics that form a TWiki application.

Creating new Add-Ons

TWiki Contribs

Reusable code that may be used over several plugins and add-ons.

Overview

TWiki contribs extend the functionality of TWiki, typically used by plugins and add-ons. They may also provide alternative implementations for sections of the TWiki core e.g. user management, or when an extension just can't be implemented as a plugin because it requires very close access to TWiki internals.

Creating new Contribs

TWiki Plugins

Add functionality to TWiki with readily available plugins; create plugins based on APIs

Overview

You can add plugins to extend TWiki functionality, without altering the core code. A plug-in approach lets you:

add virtually unlimited features while keeping the main TWiki code compact and efficient;

heavily customize an installation and still do clean updates to new versions of TWiki;

rapidly develop new TWiki functions in Perl using the plugin API.

Everything to do with TWiki plugins - demos, new releases, downloads, development, general discussion - is available at TWiki.org, in the TWiki:Plugins web.

TWiki plugins are developed and contributed by interested members of the community. Plugins are provided on an 'as is' basis; they are not a part of TWiki, but are independently developed and maintained.

Installing Plugins

Each TWiki plugin comes with its own documentation: step-by-step installation instructions, a detailed description of any special requirements, version details, and a working example for testing. Many plugins have an install script that automates these steps for you.

Special Requirements: Some plugins need certain Perl modules to be preinstalled on the host system. Plugins may also use other resources, like graphics, other modules, applications, and templates. You should be able to find detailed instructions in the plugin's documentation.

Each plugin has a standard release topic, located in the TWiki:Plugins web at TWiki.org. There's usually a number of other related topics, such as a developers page, and an appraisal page.

On-Site Pretesting

The recommended approach to testing new plugins before making them public is to create a second local TWiki installation, and test the plugin there. You can allow selected users access to the test area. Once you are satisfied that it won't compromise your main installation, you can install it there as well.

InstalledPlugins shows which plugins are: 1) installed, 2) loading properly, and 3) what TWiki:Codev.PluginHandlers they invoke. Any failures are shown in the Errors section. The %FAILEDPLUGINS% variable can be used to debug failures. You may also want to check your webserver error log and the various TWiki log files.

Some Notes on Plugin Performance

The performance of the system depends to some extent on the number of plugins installed and on the plugin implementation. Some plugins impose no measurable performance decrease, some do. For example, a Plugin might use many Perl libraries that need to be initialized with each page view (unless you run mod_perl). You can only really tell the performance impact by installing the plugin and by measuring the performance with and without the new plugin. Use the TWiki:Plugins.PluginBenchmarkAddOn, or test manually with the Apache ab utility. Example on Unix:time wget -qO /dev/null /twikiAIDA/bin/view/TWiki/AbcPlugin

If you need to install an "expensive" plugin, but you only need its functionality only in a subset of your data, you can disable it elsewhere by defining the %DISABLEDPLUGINS% TWiki variable.

Define DISABLEDPLUGINS to be a comma-separated list of names of plugins to disable. Define it in Main.TWikiPreferences to disable those plugins everywhere, in the WebPreferences topic to disable them in an individual web, or in a topic to disable them in that topic. For example,

* Set DISABLEDPLUGINS = SpreadSheetPlugin, EditTablePlugin

Managing Installed Plugins

Some plugins require additional settings or offer extra options that you have to select. Also, you may want to make a plugin available only in certain webs, or temporarily disable it. And may want to list all available plugins in certain topics. You can handle all of these management tasks with simple procedures:

Enabling Plugins

Plugins can be enabled and disabled with the configure script. An installed plugin needs to be enabled before it can be used.

Plugin Evaluation Order

By default, TWiki executes plugins in alphabetical order on plugin name. It is possible to change the order, for example to evaluate database variables before the spreadsheet CALCs. This can be done with {PluginsOrder} in the plugins section of configure.

Plugin-Specific Settings

Some plugins are configured with plugin preferences variables, newer plugins with configure variables.

Plugin preferences variables are defined in the plugin topic and can be overloaded. The SHORTDESCRIPTION preferences variable is always present, it is needed for the TWiki:Plugins repository on twiki.org. Example preferences variable defined in the TablePlugin topic:

Set SHORTDESCRIPTION = Control attributes of tables and sorting of table columns

Preferences variables of active plugins can be retrieved anywhere in TWiki with %<pluginname>_<var>%, such as %TABLEPLUGIN_SHORTDESCRIPTION%. They can also be redefined with the %<pluginname>_<var>% setting at a lower level in the Main.TWikiPreferences or at the web level. For an easier upgrade it is recommended to customize plugin preferences variables in Main.TWikiPreferences only.

The TWiki Plugin API

Available Core Functions

The TWikiFuncDotPm module (lib/TWiki/Func.pm) describes all the interfaces available to plugins. Plugins should only use the interfaces described in this module.

Note: If you use other core functions not described in Func.pm, you run the risk of creating security holes. Also, your plugin will likely break and require updating when you upgrade to a new version of TWiki.

Predefined Hooks

In addition to TWiki core functions, plugins can use predefined hooks, or callbacks, as described in the lib/TWiki/Plugins/EmptyPlugin.pm module.

All but the initPlugin are disabled. To enable a callback, remove DISABLE_ from the function name.

Always audit the plugins you install, and make sure you are happy with the level of security provided. While every effort is made to monitor plugin authors activities, at the end of the day they are uncontrolled user contributions.

Creating Plugins

With a reasonable knowledge of the Perl scripting language, you can create new plugins or modify and extend existing ones. Basic plug-in architecture uses an Application Programming Interface (API), a set of software instructions that allow external code to interact with the main program. The TWiki Plugin API provides the programming interface for TWiki.

Anatomy of a Plugin

A (very) basic TWiki plugin consists of two files:

a Perl module, e.g. MyFirstPlugin.pm

a documentation topic, e.g. MyFirstPlugin.txt

The Perl module can be a block of code that talks to with TWiki alone, or it can include other elements, like other Perl modules (including other plugins), graphics, TWiki templates, external applications (ex: a Java applet), or just about anything else it can call.
In particular, files that should be web-accessible (graphics, Java applets ...) are best placed as attachments of the MyFirstPlugin topic. Other needed Perl code is best placed in a lib/TWiki/Plugins/MyFirstPlugin/ directory.

The plugin API handles the details of connecting your Perl module with main TWiki code. When you're familiar with the Plugin API, you're ready to develop plugins.

The TWiki:Plugins.BuildContrib module provides a lot of support for plugins development, including a plugin creator, automatic publishing support, and automatic installation script writer. If you plan on writing more than one plugin, you probably need it.

Creating the Perl Module

Copy file lib/TWiki/Plugins/EmptyPlugin.pm to <name>Plugin.pm. The EmptyPlugin.pm module contains mostly empty functions, so it does nothing, but it's ready to be used. Customize it. Refer to the Plugin API specs for more information.

If your plugin uses its own modules and objects, you must include the name of the plugin in the package name. For example, write Package MyFirstPlugin::Attrs; instead of just Package Attrs;. Then call it using:

Writing the Documentation Topic

The plugin documentation topic contains usage instructions and version details. It serves the plugin files as FileAttachments for downloading. (The doc topic is also included in the distribution package.) To create a documentation topic:

In the GoBox enter your plugin name, for example MyFirstPlugin, press enter and create the new topic

paste & save new plugin topic on your site

Customize your plugin topic.

Important: In case you plan to publish your plugin on TWiki.org, use Interwiki names for author names and links to TWiki.org topics, such as TWiki:Main/TWikiGuest. This is important because links should work properly in a plugin topic installed on any TWiki, not just on TWiki.org.

Plugin Info: <Version, credits, history, requirements - entered in a form, displayed as a table. Both are automatically generated when you create or edit a page in the TWiki:Plugins web.>"

Packaging for Distribution

The TWiki:Plugins.BuildContrib is a powerful build environment that is used by the TWiki project to build TWiki itself, as well as many of the plugins. You don't have to use it, but it is highly recommended!

If you don't want (or can't) use the BuildContrib, then a minimum plugin release consists of a Perl module with a WikiName that ends in Plugin, ex: MyFirstPlugin.pm, and a documentation page with the same name(MyFirstPlugin.txt).

Distribute the plugin files in a directory structure that mirrors TWiki. If your plugin uses additional files, include them all:

lib/TWiki/Plugins/MyFirstPlugin.pm

data/TWiki/MyFirstPlugin.txt

pub/TWiki/MyFirstPlugin/uparrow.gif [a required graphic]

Create a zip archive with the plugin name (MyFirstPlugin.zip) and add the entire directory structure from Step 1. The archive should look like this:

Publishing for Public Use

You can release your tested, packaged plugin to the TWiki community through the TWiki:Plugins web. All plugins submitted to TWiki.org are available for download and further development in TWiki:Plugins/PluginPackage.

Link from the doc page to a new, blank page named after the plugin, and ending in Dev, ex: MyFirstPluginDev. This is the discussion page for future development. (User support for plugins is handled in TWiki:Support.)

Once you have done the above steps once, you can use the BuildContrib to upload updates to your plugin.

Thank you very much for sharing your plugin with the TWiki community

Recommended Storage of Plugin Specific Data

Plugins sometimes need to store data. This can be plugin internal data such as cache data, or data generated for browser consumption such as images. Plugins should store data using TWikiFuncDotPm functions that support saving and loading of topics and attachments.

Plugin Internal Data

You can create a plugin "work area" using the TWiki::Func::getWorkArea() function, which gives you a persistent directory where you can store data files. By default they will not be web accessible. The directory is guaranteed to exist, and to be writable by the webserver user. For convenience, TWiki::Func::storeFile() and TWiki::Func::readFile() are provided to persistently store and retrieve simple data in this area.

Web Accessible Data

Topic-specific data such as generated images can be stored in the topic's attachment area, which is web accessible. Use the TWiki::Func::saveAttachment() function to store the data.

Recommendation for file name:

Prefix the filename with an underscore (the leading underscore avoids a name clash with files attached to the same topic)

Identify where the attachment originated from, typically by including the plugin name in the file name

Use only alphanumeric characters, underscores, dashes and periods to avoid platform dependency issues and URL issues

Example: _GaugePlugin_img123.gif

Web specific data can be stored in the plugin's attachment area, which is web accessible. Use the TWiki::Func::saveAttachment() function to store the data.

Recommendation for file names in plugin attachment area:

Prefix the filename with an underscore

Include the name of the web in the filename

Use only alphanumeric characters, underscores, dashes and periods to avoid platform dependency issues and URL issues

Example: _Main_roundedge-ul.gif

Integrating with configure

Some TWiki extensions have setup requirements that are best integrated into configure rather than trying to use TWiki preferences variables. These extensions use Config.spec files to publish their configuration requirements.

Config.spec files are read during TWiki configuration. Once a Config.spec has defined a configuration item, it is available for edit through the standard configure interface. Config.spec files are stored in the 'plugin directory' e.g. lib/TWiki/Plugins/BathPlugin/Config.spec.

Structure of a Config.spec file

The Config.spec file for a plugin starts with the plugin announcing what it is:

# ---+ BathPlugin
# This plugin senses the level of water in your bath, and ensures the plug
# is not removed while the water is still warm.

This is followed by one or more configuration items. Each configuration item has a type, a description and a default. For example:

The type (e.g. **SELECT** ) tells configure to how to prompt for the value. It also tells configure how to do some basic checking on the value you actually enter. All the comments between the type and the configuration item are taken as part of the description. The configuration item itself defines the default value for the configuration item. The above spec defines the configuration items $TWiki::cfg{BathPlugin}{PlugType}, $TWiki::cfg{BathPlugin}{ChainLength}, and $TWiki::cfg{BathPlugin}{TempSensorEnabled} for use in your plugin. For example,

Maintaining Plugins

Discussions and Feedback on Plugins

Each published plugin has a plugin development topic on TWiki.org. Plugin development topics are named after your plugin and end in Dev, such as MyFirstPluginDev. The plugin development topic is a great resource to discuss feature enhancements and to get feedback from the TWiki community.

Maintaining Compatibility with Earlier TWiki Versions

The plugin interface (TWikiFuncDotPm functions and plugin handlers) evolve over time. TWiki introduces new API functions to address the needs of plugin authors. Plugins using unofficial TWiki internal functions may no longer work on a TWiki upgrade.

Organizations typically do not upgrade to the latest TWiki for many months. However, many administrators still would like to install the latest versions of a plugin on their older TWiki installation. This need is fulfilled if plugins are maintained in a compatible manner.

Tip: Plugins can be written to be compatible with older and newer TWiki releases. This can be done also for plugins using unofficial TWiki internal functions of an earlier release that no longer work on the latest TWiki codebase.
Here is an example; the TWiki:TWiki.TWikiPluginsSupplement#MaintainPlugins has more details.

Handling deprecated functions

From time-to-time, the TWiki developers will add new functions to the interface (either to TWikiFuncDotPm, or new handlers). Sometimes these improvements mean that old functions have to be deprecated to keep the code manageable. When this happens, the deprecated functions will be supported in the interface for at least one more TWiki release, and probably longer, though this cannot be guaranteed.

When a plugin defines deprecated handlers, a warning will be shown in the list generated by %FAILEDPLUGINS%. Admins who see these warnings should check TWiki.org and if necessary, contact the plugin author, for an updated version of the plugin.

Updated plugins may still need to define deprecated handlers for compatibility with old TWiki versions. In this case, the plugin package that defines old handlers can suppress the warnings in %FAILEDPLUGINS%.

This is done by defining a map from the handler name to the TWiki::Plugins version in which the handler was first deprecated. For example, if we need to define the endRenderingHandler for compatibility with TWiki::Plugins versions before 1.1, we would add this to the plugin:

If the currently-running TWiki version is 1.1 or later, then the handler will not be called and the warning will not be issued. TWiki with versions of TWiki::Plugins before 1.1 will still call the handler as required.

This module defines official functions that Plugins
can use to interact with the TWiki engine and content.

Refer to EmptyPlugin and lib/TWiki/Plugins/EmptyPlugin.pm for a template Plugin and documentation on how to write a Plugin.

Plugins should only use functions published in this module. If you use
functions in other TWiki libraries you might create a security hole and
you will probably need to change your Plugin when you upgrade TWiki.

Deprecated functions will still work in older code, though they should
not be called in new Plugins and should be replaced in older Plugins
as soon as possible.

The version of the TWiki::Func module is defined by the VERSION number of the
TWiki::Plugins module, currently 6.01. This can be shown
by the %PLUGINVERSION% TWiki variable, and accessed in code using
$TWiki::Plugins::VERSION. The 'Since' field in the function
documentation refers to $TWiki::Plugins::VERSION.

Notes on use of $TWiki::Plugins::VERSION (from 1.2 forwards):

If the major version (e.g. 1.) is the same then any plugin coded to use any earlier revision of the 1. API will still work. No function has been removed from the interface, nor has any API published in that version changed in such a way as to require plugins to be recoded.

If the minor version (e.g. 1.1) is incremented there may be changes in the API that may help improve the coding of some plugins - for example, new interfaces giving access to previously hidden core functions. In addition, deprecation of functions in the interface trigger a minor version increment. Note that deprecated functions are not removed, they are merely frozen, and plugin authors are recommended to stop using them.

Any additional digits in the version number relate to minor changes, such as the addition of parameters to the existing functions, or addition of utility functions that are unlikely to require significant changes to existing plugins.

TWiki::Plugins::VERSION also applies to the plugin handlers. The handlers are documented in the EmptyPlugin, and that module indicates what version of TWiki::Plugins::VERSION it relates to.

A full history of the changes to this API can be found at the end of this
topic.

Environment

getSkin( ) -> $skin

Get the skin path, set by the SKIN and COVER preferences variables or the skin and cover CGI parameters

getUrlHost( ) -> $host

getScriptUrl( $web, $topic, $script, ... ) -> $url

Compose fully qualified URL

$web - Web name, e.g. 'Main'

$topic - Topic name, e.g. 'WebNotify'

$script - Script name, e.g. 'view'

... - an arbitrary number of name=>value parameter pairs that will be url-encoded and added to the url. The special parameter name '#' is reserved for specifying an anchor. e.g. getScriptUrl('x','y','view','#'=>'XXX',a=>1,b=>2) will give .../view/x/y?a=1&b=2#XXX

getPubUrlPath( ) -> $path

getExternalResource( $url ) -> $response

Get whatever is at the other end of a URL (using an HTTP GET request). Will
only work for encrypted protocols such as https if the LWP CPAN module is
installed.

Note that the $url may have an optional user and password, as specified by
the relevant RFC. Any proxy set in configure is honoured.

The $response is an object that is known to implement the following subset of
the methods of LWP::Response. It may in fact be an LWP::Response object,
but it may also not be if LWP is not available, so callers may only assume
the following subset of methods is available:

code()

message()

header($field)

content()

is_error()

is_redirect()

Note that if LWP is not available, this function:

can only really be trusted for HTTP/1.0 urls. If HTTP/1.1 or another protocol is required, you are strongly recommended to require LWP.

Will not parse multipart content

In the event of the server returning an error, then is_error() will return
true, code() will return a valid HTTP status code
as specified in RFC 2616 and RFC 2518, and message() will return the
message that was received from
the server. In the event of a client-side error (e.g. an unparseable URL)
then is_error() will return true and message() will return an explanatory
message. code() will return 400 (BAD REQUEST).

Note: Callers can easily check the availability of other HTTP::Response methods
as follows:

my $response = TWiki::Func::getExternalResource($url);
if (!$response->is_error() && $response->isa('HTTP::Response')) {
... other methods of HTTP::Response may be called
} else {
... only the methods listed above may be called
}

Since: TWiki::Plugins::VERSION 1.2

getCgiQuery( ) -> $query

Get CGI query object. Important: Plugins cannot assume that scripts run under CGI, Plugins must always test if the CGI query object is set

Return: $query CGI query object; or 0 if script is called as a shell script

Get a list of all the names of session variables. The list is unsorted.

Session keys are stored and retrieved using setSessionValue and
getSessionValue.

Since: TWiki::Plugins::VERSION 1.2

getSessionValue( $key ) -> $value

Get a session value from the client session module

$key - Session key

Return: $value Value associated with key; empty string if not set

Since: TWiki::Plugins::VERSION 1.000 (27 Feb 200)

setSessionValue( $key, $value ) -> $boolean

Set a session value.

$key - Session key

$value - Value associated with key

Return: true if function succeeded

Since: TWiki::Plugins::VERSION 1.000 (17 Aug 2001)

clearSessionValue( $key ) -> $boolean

Clear a session value that was set using setSessionValue.

$key - name of value stored in session to be cleared. Note that you cannot clear AUTHUSER.

Return: true if the session value was cleared

Since: TWiki::Plugins::VERSION 1.1

getContext() -> \%hash

Get a hash of context identifiers representing the currently active
context.

The context is a set of identifiers that are set
during specific phases of TWiki processing. For example, each of
the standard scripts in the 'bin' directory each has a context
identifier - the view script has 'view', the edit script has 'edit'
etc. So you can easily tell what 'type' of script your Plugin is
being called within. The core context identifiers are listed
in the IfStatements topic. Please be careful not to
overwrite any of these identifiers!

Context identifiers can be used to communicate between Plugins, and between
Plugins and templates. For example, in FirstPlugin .pm, you might write:

%TMPL:DEF{"ON"}% Not off %TMPL:END%
%TMPL:DEF{"OFF"}% Not on %TMPL:END%
%TMPL:P{context="MyID" then="ON" else="OFF"}%

or in a topic:

%IF{"context MyID" then="MyID is ON" else="MyID is OFF"}%

Note: all plugins have an automatically generated context identifier
if they are installed and initialised. For example, if the FirstPlugin is
working, the context ID 'FirstPlugin' will be set.

Since: TWiki::Plugins::VERSION 1.1

pushTopicContext($web, $topic)

$web - new web

$topic - new topic

Change the TWiki context so it behaves as if it was processing $web.$topic
from now on. All the preferences will be reset to those of the new topic.
Note that if the new topic is not readable by the logged in user due to
access control considerations, there will not be an exception. It is the
duty of the caller to check access permissions before changing the topic.

It is the duty of the caller to restore the original context by calling
popTopicContext.

Note that this call does not re-initialise plugins, so if you have used
global variables to remember the web and topic in initPlugin, then those
values will be unchanged.

Since: TWiki::Plugins::VERSION 1.2

popTopicContext()

Returns the TWiki context to the state it was in before the
pushTopicContext was called.

Since: TWiki::Plugins::VERSION 1.2

Preferences

getPreferencesValue( $key, $web ) -> $value

Get a preferences value from TWiki or from a Plugin

$key - Preferences key

$web - Name of web, optional. Current web if not specified; does not apply to settings of Plugin topics

NOTE: As of TWiki4.1, if $NO_PREFS_IN_TOPIC is enabled in the plugin, then
preferences set in the plugin topic will be ignored.

getPluginPreferencesFlag( $key ) -> $boolean

Get a preferences flag from your Plugin

$key - Plugin Preferences key w/o PLUGINNAME_ prefix.

Return: false for preferences values "off", "no" and "0", or values not set at all. True otherwise.

Note: This function will will only work when called from the Plugin.pm file itself. it will not work if called from a sub-package (e.g. TWiki::Plugins::MyPlugin::MyModule)

Since: TWiki::Plugins::VERSION 1.021 (27 Mar 2004)

NOTE: As of TWiki4.1, if $NO_PREFS_IN_TOPIC is enabled in the plugin, then
preferences set in the plugin topic will be ignored.

setPreferencesValue($name, $val)

Set the preferences value so that future calls to getPreferencesValue will
return this value, and %$name% will expand to the preference when used in
future variable expansions.

The preference only persists for the rest of this request. Finalised
preferences cannot be redefined using this function.

Returns 1 if the preference was defined, and 0 otherwise.

getWikiToolName( ) -> $name

Get toolname as defined in TWiki.cfg

Return: $name Name of tool, e.g. 'TWiki'

Since: TWiki::Plugins::VERSION 1.000 (27 Feb 2001)

getMainWebname( ) -> $name

Get name of Main web as defined in TWiki.cfg

Return: $name Name, e.g. 'Main'

Since: TWiki::Plugins::VERSION 1.000 (27 Feb 2001)

getTwikiWebname( ) -> $name

Get name of TWiki documentation web as defined in TWiki.cfg

Return: $name Name, e.g. 'TWiki'

Since: TWiki::Plugins::VERSION 1.000 (27 Feb 2001)

User Handling and Access Control

getDefaultUserName( ) -> $loginName

Get default user name as defined in the configuration as DefaultUserLogin

Return: $loginName Default user name, e.g. 'guest'

Since: TWiki::Plugins::VERSION 1.000 (7 Dec 2002)

getCanonicalUserID( $user ) -> $cUID

$user can be a login, wikiname or web.wikiname

Return the cUID of the specified user. A cUID is a unique identifier which
is assigned by TWiki for each user.
BEWARE: While the default TWikiUserMapping uses a cUID that looks like a user's
LoginName, some characters are modified to make them compatible with rcs.
Other usermappings may use other conventions - the JoomlaUserMapping
for example, has cUIDs like 'JoomlaeUserMapping_1234'.

If $user is undefined, it assumes the currently logged-in user.

Return: $cUID, an internal unique and portable escaped identifier for
registered users. This may be autogenerated for an authenticated but
unregistered user.

Since: TWiki::Plugins::VERSION 1.2

getWikiName( $user ) -> $wikiName

return the WikiName of the specified user
if $user is undefined Get Wiki name of logged in user

$user can be a cUID, login, wikiname or web.wikiname

Return: $wikiName Wiki Name, e.g. 'JohnDoe'

Since: TWiki::Plugins::VERSION 1.000 (7 Dec 2002)

getWikiUserName( $user ) -> $wikiName

return the userWeb.WikiName of the specified user
if $user is undefined Get Wiki name of logged in user

$user can be a cUID, login, wikiname or web.wikiname

Return: $wikiName Wiki Name, e.g. "Main.JohnDoe"

Since: TWiki::Plugins::VERSION 1.000 (7 Dec 2002)

wikiToUserName( $id ) -> $loginName

Translate a Wiki name to a login name.

$id - Wiki name, e.g. 'Main.JohnDoe' or 'JohnDoe'. Since TWiki 4.2.1, $id may also be a login name. This will normally be transparent, but should be borne in mind if you have login names that are also legal wiki names.

Return: $loginName Login name of user, e.g. 'jdoe', or undef if not
matched.

Note that it is possible for several login names to map to the same wikiname.
This function will only return the first login name that maps to the
wikiname.

Find the wikinames of all users who have the given email address as their
registered address. Since several users could register with the same email
address, this returns a list of wikinames rather than a single wikiname.

You are setting different access controls in the text to those defined in the stored topic,

You already have the topic text in hand, and want to help TWiki avoid having to read it again,

You are providing a $meta parameter.

$topic - Topic name, required, e.g. 'PrivateStuff'

$web - Web name, required, e.g. 'Sandbox'

$meta - Meta-data object, as returned by readTopic. Optional. If undef, but $text is defined, then access controls will be parsed from $text. If defined, then metadata embedded in $text will be ignored. This parameter is always ignored if $text is undefined. Settings in $meta override Set settings in $text.

A perl true result indicates that access is permitted.

Note the weird parameter order is due to compatibility constraints with
earlier TWiki releases.

Tip if you want, you can use this method to check your own access control types. For example, if you:

Webs, Topics and Attachments

Gets a list of webs, filtered according to the spec in the $filter,
which may include one of:

'user' (for only user webs)

'template' (for only template webs i.e. those starting with "_")

$filter may also contain the word 'public' which will further filter
out webs that have NOSEARCHALL set on them.
'allowed' filters out webs the current user can't read.

For example, the deprecated getPublicWebList function can be duplicated
as follows:

my @webs = TWiki::Func::getListOfWebs( "user,public" );

Since: TWiki::Plugins::VERSION 1.1

webExists( $web ) -> $boolean

Test if web exists

$web - Web name, required, e.g. 'Sandbox'

Since: TWiki::Plugins::VERSION 1.000 (14 Jul 2001)

createWeb( $newWeb, $baseWeb, $opts )

$newWeb is the name of the new web.

$baseWeb is the name of an existing web (a template web). If the base web is a system web, all topics in it will be copied into the new web. If it is a normal web, only topics starting with 'Web' will be copied. If no base web is specified, an empty web (with no topics) will be created. If it is specified but does not exist, an error will be thrown.

eachChangeSince($web, $time) -> $iterator

Get an iterator over the list of all the changes in the given web between
$time and now. $time is a time in seconds since 1st Jan 1970, and is not
guaranteed to return any changes that occurred before (now -
{Store}{RememberChangesFor}). {Store}{RememberChangesFor}) is a
setting in configure. Changes are returned in most-recent-first
order.

Use it as follows:

my $iterator = TWiki::Func::eachChangeSince(
$web, time() - 7 * 24 * 60 * 60); # the last 7 days
while ($iterator->hasNext()) {
my $change = $iterator->next();
# $change is a perl hash that contains the following fields:
# topic => topic name
# user => wikiname - wikiname of user who made the change
# time => time of the change
# revision => revision number *after* the change
# more => more info about the change (e.g. 'minor')
}

topicExists( $web, $topic ) -> $boolean

$web and $topic are parsed as described in the documentation for normalizeWebTopicName.
Specifically, the Main is used if $web is not specified and $topic has no web specifier.
To get an expected behaviour it is recommened to specify the current web for $web; don't leave it empty.

setTopicEditLock( $web, $topic, $lock )

$web Web name, e.g. "Main", or empty

$topic Topic name, e.g. "MyTopic", or "Main.MyTopic"

$lock 1 to lease the topic, 0 to clear an existing lease

Takes out a "lease" on the topic. The lease doesn't prevent
anyone from editing and changing the topic, but it does redirect them
to a warning screen, so this provides some protection. The edit script
always takes out a lease.

It is impossible to fully lock a topic. Concurrent changes will be
merged.

NOTE: if you are trying to get revision info for a topic, use
$meta->getRevisionInfo instead if you can - it is significantly
more efficient.

Since: TWiki::Plugins::VERSION 1.000 (29 Jul 2001)

getRevisionAtTime( $web, $topic, $time ) -> $rev

Get the revision number of a topic at a specific time.

$web - web for topic

$topic - topic

$time - time (in epoch secs) for the rev

Return: Single-digit revision number, or undef if it couldn't be determined
(either because the topic isn't that old, or there was a problem)

Since: TWiki::Plugins::VERSION 1.1

readTopic( $web, $topic, $rev ) -> ( $meta, $text )

Read topic text and meta data, regardless of access permissions.

$web - Web name, required, e.g. 'Main'

$topic - Topic name, required, e.g. 'TokyoOffice'

$rev - revision to read (default latest)

Return: ( $meta, $text ) Meta data object and topic text

$meta is a perl 'object' of class TWiki::Meta. This class is
fully documented in the source code documentation shipped with the
release, or can be inspected in the lib/TWiki/Meta.pm file.

This method ignores topic access permissions. You should be careful to use
checkAccessPermissions to ensure the current user has read access to the
topic.

Since: TWiki::Plugins::VERSION 1.000 (7 Dec 2002)

readTopicText( $web, $topic, $rev, $ignorePermissions ) -> $text

Read topic text, including meta data

$web - Web name, e.g. 'Main', or empty

$topic - Topic name, e.g. 'MyTopic', or "Main.MyTopic"

$rev - Topic revision to read, optional. Specify the minor part of the revision, e.g. "5", not "1.5"; the top revision is returned if omitted or empty.

$ignorePermissions - Set to "1" if checkAccessPermission() is already performed and OK; an oops URL is returned if user has no permission

Return: $text Topic text with embedded meta data; an oops URL for calling redirectCgiQuery() is returned in case of an error

This method is more efficient than readTopic, but returns meta-data embedded in the text. Plugins authors must be very careful to avoid damaging meta-data. You are recommended to use readTopic instead, which is a lot safer.

Since: TWiki::Plugins::VERSION 1.010 (31 Dec 2002)

attachmentExists( $web, $topic, $attachment ) -> $boolean

Test if attachment exists

$web - Web name, optional, e.g. Main.

$topic - Topic name, required, e.g. TokyoOffice, or Main.TokyoOffice

$attachment - attachment name, e.g.=logo.gif=

$web and $topic are parsed as described in the documentation for normalizeWebTopicName.

Since: TWiki::Plugins::VERSION 1.1

readAttachment( $web, $topic, $name, $rev ) -> $data

$web - web for topic

$topic - topic

$name - attachment name

$rev - revision to read (default latest)

Read an attachment from the store for a topic, and return it as a string. The
names of attachments on a topic can be recovered from the meta-data returned
by readTopic. If the attachment does not exist, or cannot be read, undef
will be returned. If the revision is not specified, the latest version will
be returned.

View permission on the topic is required for the
read to be successful. Access control violations are flagged by a
TWiki::AccessControlException. Permissions are checked for the current user.

Renames the topic. Throws an exception on error or access violation.
If $newWeb is undef, it defaults to $web. If $newTopic is undef, it defaults
to $topic. If $newAttachment is undef, it defaults to $attachment. If all of $newWeb, $newTopic and $newAttachment are undef, it is an error.

The destination topic must already exist, but the destination attachment must
not exist.

Rename an attachment to $TWiki::cfg{TrashWebName}.TrashAttament to delete it.

If template text is found, extracts include statements and fully expands them.

expandTemplate( $def ) -> $string

Do a , only expanding the template (not expanding any variables other than %TMPL)

$def - template name

Return: the text of the expanded template

Since: TWiki::Plugins::VERSION 1.1

A template is defined using a %TMPL:DEF% statement in a template
file. See the documentation on TWiki templates for more information.

writeHeader( $query, $contentLength )

Prints a basic content-type HTML header for text/html to standard out

$query - CGI query object. If not given, the default CGI query will be used (optional, in most cases you should not pass this parameter)

$contentLength - Length of content (optional, in most cases you should not pass this parameter)

Return: none

Since: TWiki::Plugins::VERSION 1.000 (7 Dec 2002)

redirectCgiQuery( $query, $url, $passthru )

Redirect to URL

$query - CGI query object. Ignored, only there for compatibility. The session CGI query object is used instead.

$url - URL to redirect to

$passthru - enable passthrough.

Return: none

Print output to STDOUT that will cause a 302 redirect to a new URL.
Nothing more should be printed to STDOUT after this method has been called.

The $passthru parameter allows you to pass the parameters that were passed
to the current query on to the target URL, as long as it is another URL on the
same TWiki installation. If $passthru is set to a true value, then TWiki
will save the current URL parameters, and then try to restore them on the
other side of the redirect. Parameters are stored on the server in a cache
file.

Note that if $passthru is set, then any parameters in $url will be lost
when the old parameters are restored. if you want to change any parameter
values, you will need to do that in the current CGI query before redirecting
e.g.

Special handlers

Special handlers can be defined to make functions in plugins behave as if they were built-in to TWiki.

registerTagHandler( $var, \&fn, $syntax )

Should only be called from initPlugin.

Register a function to handle a simple variable. Handles both %VAR% and %VAR{...}%. Registered variables are treated the same as TWiki internal variables, and are expanded at the same time. This is a lot more efficient than using the commonTagsHandler.

$var - The name of the variable, i.e. the 'MYVAR' part of %MYVAR%. The variable name must match /^[A-Z][A-Z0-9_]*$/ or it won't work.

\&fn - Reference to the handler function.

$syntax can be 'classic' (the default) or 'context-free'. 'classic' syntax is appropriate where you want the variable to support classic TWiki syntax i.e. to accept the standard %MYVAR{ "unnamed" param1="value1" param2="value2" }% syntax, as well as an unquoted default parameter, such as %MYVAR{unquoted parameter}%. If your variable will only use named parameters, you can use 'context-free' syntax, which supports a more relaxed syntax. For example, %MYVAR{param1=value1, value 2, param3="value 3", param4='value 5"}%

Since: TWiki::Plugins::VERSION 1.1

The variable handler function must be of the form:

sub handler(\%session, \%params, $topic, $web)

where:

\%session - a reference to the TWiki session object (may be ignored)

\%params - a reference to a TWiki::Attrs object containing parameters. This can be used as a simple hash that maps parameter names to values, with _DEFAULT being the name for the default parameter.

$topic - name of the topic in the query

$web - name of the web in the query

for example, to execute an arbitrary command on the server, you might do this:

Registered tags differ from tags implemented using the old TWiki approach (text substitution in commonTagsHandler) in the following ways:

registered tags are evaluated at the same time as system tags, such as %SERVERTIME. commonTagsHandler is only called later, when all system tags have already been expanded (though they are expanded again after commonTagsHandler returns).

registered tag names can only contain alphanumerics and _ (underscore)

registering a tag FRED defines both %FRED{...}%and also%FRED%.

registered tag handlers cannot return another tag as their only result (e.g. return '%SERVERTIME%';). It won't work.

registerRESTHandler( $alias, \&fn, )

Should only be called from initPlugin.

Adds a function to the dispatch table of the REST interface

$alias - The name .

\&fn - Reference to the function.

Since: TWiki::Plugins::VERSION 1.1

The handler function must be of the form:

sub handler(\%session)

where:

\%session - a reference to the TWiki session object (may be ignored)

From the REST interface, the name of the plugin must be used
as the subject of the invokation.

This adds the restExample function to the REST dispatch table
for the EmptyPlugin under the 'example' alias, and allows it
to be invoked using the URL

http://server:port/bin/rest/EmptyPlugin/example

note that the URL

http://server:port/bin/rest/EmptyPlugin/restExample

(ie, with the name of the function instead of the alias) will not work.

decodeFormatTokens($str) -> $unencodedString

TWiki has an informal standard set of tokens used in format
parameters that are used to block evaluation of paramater strings.
For example, if you were to write

%MYTAG{format="%WURBLE%"}%

then %WURBLE would be expanded before %MYTAG is evaluated. To avoid
this TWiki uses escapes in the format string. For example:

%MYTAG{format="$percntWURBLE$percnt"}%

This lets you enter arbitrary strings into parameters without worrying that
TWiki will expand them before your plugin gets a chance to deal with them
properly. Once you have processed your tag, you will want to expand these
tokens to their proper value. That's what this function does.

Searching

Search for a string in the content of a web. The search is over all content, including meta-data. Meta-data matches will be returned as formatted lines within the topic content (meta-data matches are returned as lines of the format %META:\w+{.*}%)

$searchString - the search string, in egrep format

$web - The web to search in

\@topics - reference to a list of topics to search

\%option - reference to an options hash

The \%options hash may contain the following options:

type - if regex will perform a egrep-syntax RE search (default '')

casesensitive - false to ignore case (defaulkt true)

files_without_match - true to return files only (default false). If files_without_match is specified, it will return on the first match in each topic (i.e. it will return only one match per topic, and will not return matching lines).

The return value is a reference to a hash which maps each matching topic
name to a list of the lines in that topic that matched the search,
as would be returned by 'grep'.

Plugin-specific file handling

getWorkArea( $pluginName ) -> $directorypath

Gets a private directory for Plugin use. The Plugin is entirely responsible
for managing this directory; TWiki will not read from it, or write to it.

The directory is guaranteed to exist, and to be writable by the webserver
user. By default it will not be web accessible.

The directory and it's contents are permanent, so Plugins must be careful
to keep their areas tidy.

Since: TWiki::Plugins::VERSION 1.1 (Dec 2005)

readFile( $filename ) -> $text

Read file, low level. Used for Plugin workarea.

$filename - Full path name of file

Return: $text Content of file, empty if not found

NOTE: Use this function only for the Plugin workarea, not for topics and attachments. Use the appropriate functions to manipulate topics and attachments.

Since: TWiki::Plugins::VERSION 1.000 (07 Dec 2002)

saveFile( $filename, $text )

Save file, low level. Used for Plugin workarea.

$filename - Full path name of file

$text - Text to save

Return: none

NOTE: Use this function only for the Plugin workarea, not for topics and attachments. Use the appropriate functions to manipulate topics and attachments.

Since: TWiki::Plugins::VERSION 1.000 (07 Dec 2002)

General Utilities

getRegularExpression( $name ) -> $expr

Retrieves a TWiki predefined regular expression or character class.

$name - Name of the expression to retrieve. See notes below

Return: String or precompiled regular expression matching as described below.

Since: TWiki::Plugins::VERSION 1.020 (9 Feb 2004)

Note: TWiki internally precompiles several regular expressions to
represent various string entities in an I18N-compatible manner. Plugins
authors are encouraged to use these in matching where appropriate. The
following are guaranteed to be present. Others may exist, but their use
is unsupported and they may be removed in future TWiki versions.

In the table below, the expression marked type 'String' are intended for
use within character classes (i.e. for use within square brackets inside
a regular expression), for example:

spaceOutWikiWord( $word, $sep ) -> $text

Spaces out a wiki word by inserting a string (default: one space) between each word component.
With parameter $sep any string may be used as separator between the word components; if $sep is undefined it defaults to a space.

$timezone - either not defined (uses the displaytime setting), 'gmtime', or 'servertime'

Return: $text Formatted time string

Note:

if you used the removed formatGmTime, add a third parameter 'gmtime'

Since: TWiki::Plugins::VERSION 1.020 (26 Feb 2004)

isTrue( $value, $default ) -> $boolean

Returns 1 if $value is true, and 0 otherwise. "true" means set to
something with a Perl true value, with the special cases that "off",
"false" and "no" (case insensitive) are forced to false. Leading and
trailing spaces in $value are ignored.

If the value is undef, then $default is returned. If $default is
not specified it is taken as 0.

Deprecated functions

From time-to-time, the TWiki developers will add new functions to the interface (either to TWikiFuncDotPm, or new handlers). Sometimes these improvements mean that old functions have to be deprecated to keep the code manageable. When this happens, the deprecated functions will be supported in the interface for at least one more TWiki release, and probably longer, though this cannot be guaranteed.

Updated plugins may still need to define deprecated handlers for compatibility with old TWiki versions. In this case, the plugin package that defines old handlers can suppress the warnings in %FAILEDPLUGINS%.

This is done by defining a map from the handler name to the TWiki::Plugins version in which the handler was first deprecated. For example, if we need to define the endRenderingHandler for compatibility with TWiki::Plugins versions before 1.1, we would add this to the plugin:

If the currently-running TWiki version is 1.1 or later, then the handler will not be called and the warning will not be issued. TWiki with versions of TWiki::Plugins before 1.1 will still call the handler as required.

The following functions are retained for compatibility only. You should
stop using them as soon as possible.

getScriptUrlPath( ) -> $path

Get script URL path

DEPRECATED since 1.1 - use getScriptUrl instead.

Return: $path URL path of TWiki scripts, e.g. "/cgi-bin"

WARNING: you are strongly recommended not to use this function, as the
{ScriptUrlPaths} URL rewriting rules will not apply to urls generated
using it.